security_asp thread: firewall


Message #1 by "Dan McKinnon" <mddonna@u...> on Mon, 30 Jul 2001 22:21:13
Thank you Steve, George, and Wei (and anyone else I forgot) --

I appreciate the help. Here's more of the story.

From last November till a couple weeks ago, I ran a nonprofit IIS site 
from my home on a server I built using a fast DSL connection. I am running 
Windows 2000 Server. Additionally, I had a LAN with two machines, one 
running Windows 2000 Professional and another running Linux that was only 
connected to the network sporadically. I am trying to learn Linux, but 
getting the spare time is hard, especially recently.

About three weeks ago I was hit by the backdoor.sadmind worm. I thought I 
had it contained, and then the fireworks began. One night I had turned off 
the machine running Pro and found it on the next morning. I couldn't turn 
the machine on or off and there was a burning smell in the air. Further 
probing revealed the processor was fried and the motherboard was ng (no 
good). I suspect someone on the Internet took control of the machine and 
put a program like an infinite loop in the Scheduler. Another guy I talked 
to, however, said it was just a coincidental hardware failure and was not 
linked to the Internet attack because he said it would require going into 
the BIOS to ruin the machine like that. 

I was sorry to have to do it, but I rebuilt the Pro machine using parts 
from the Linux machine (my wife needs a non-Linux computer :)). Then I 
reformatted both Win2K machines, installed the OSes, installed Service 
Pack 2 on each, and methodically installed every appropriate security 
patch for each machine, including the recent Code Red patch.

Now I am ready for a firewall, but I am also seriously considering just 
bagging the IIS admin thing and paying an ASP ISP to worry about this. I 
have lost days dealing with this, and it seems like I will have to spend a 
lot of time in the future to deal with it. I consider myself a Web 
publisher and ASP developer foremost, and security is a career (and then 
some) unto itself. All of my studies (VB, ASP, Linux, COM) have been on 
hold while I deal with this stuff. Yes, it is great to have control of the 
server, but at what price? And George mentions the network admin chores 
(security patches) in addition to the IIS ones.  

Any further input from you regarding these issues would be welcome.

Thank you.
