Posted 27th July 2001

Attention DSL Users Code Red

If you use a setup where the adsl is hooked up to an internal card in the businesses NT server. The full server and potentially all the data it contains is then available 24 hours for anyone on the internet to attack. An external device, carefully set up is so much better.

Note that even though very few firewalls would defeat this particular worm called Code Red, if a IIS (Internet Information Server from Microsoft as part of Windows NT and Windows2000) web server was visible to the internet; with external adsl routers (not using usb port) the choice has to be made to expose a IIS (or any other) server, so most would not be exposed.

When setting up an external modem you have to use network address translation (NAT) which prevents outside access to your machine, but with internal modem the computer's files are directly accessible from the Internet - unless you download and use a software firewall programme like `Black Ice' or at Symantec using a Norton product. NAT will allow incoming network connections from Internet, if you set up your external dsl modem that way (eg to run a mail or webserver). With NAT off you are then susceptible to attack, which is your choice. The Code Red worm was programmed to spread only for a day, no danger from it now.

After the day was up, the CR work was programmed to cause denial of service to US White House. However, if you have exposure via IIS, then you need to keep up to date with security patches from Microsoft or you will be open to attack from the inevitably next worm to come along....