Protecting your Web server from Nimda

User Charles Banas offers this tip for securing your Web server against Nimda.

Protecting your Web server from Nimda

This tip was submitted to the searchSecurity Tip Exchange by user Charles Banas. Let other users know how useful it is by rating the tip below.

The Web security tip titled Protecting the Web server is something I wish I had access to (or had realized) before I went to work today.

You see, my company was hit with the new Nimda worm. It uses several IIS exploits, including one that we discovered only too late: TFTP. It uploads its core code as Admin.dll and executes that DLL file from the root directory on the main (C:) drive. If we hadn't had TFTP enabled, (it is by default) we never would have had much of a problem with this worm.

Thank God for the services file in %systemroot/system32/drivers/etc/services! Specifially, the line we changed was: TFTP 69/udp
to: TFTP 0/udp

(Oh, man I hate IIS...)


This was last published in September 2001

Dig Deeper on Web Server Threats and Countermeasures

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close