Protecting your Web server from Nimda

User Charles Banas offers this tip for securing your Web server against Nimda.

Protecting your Web server from Nimda

This tip was submitted to the searchSecurity Tip Exchange by user Charles Banas. Let other users know how useful it is by rating the tip below.

The Web security tip titled Protecting the Web server is something I wish I had access to (or had realized) before I went to work today.

You see, my company was hit with the new Nimda worm. It uses several IIS exploits, including one that we discovered only too late: TFTP. It uploads its core code as Admin.dll and executes that DLL file from the root directory on the main (C:) drive. If we hadn't had TFTP enabled, (it is by default) we never would have had much of a problem with this worm.

Thank God for the services file in %systemroot/system32/drivers/etc/services! Specifially, the line we changed was: TFTP 69/udp
to: TFTP 0/udp

(Oh, man I hate IIS...)


This was first published in September 2001
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close