Brian wrote: > You're OK. As long as you don't have IIS running on an NT machine > accessible to the world all is fine and dandy. Since this worm is using > exploits only found in IIS any subsequent variants (oh, you bet there will > be more) it will never affect Apache. This is what I have always been told. But I am puzzled about something: Steve Siegfried wrote: > Of the CodeRedII hits that nslookup doesn't fail on, nslookup showed they came > from: > 48% .home.com > 18% .rr.com > 7% .mediaone.net > 4% .shawcable.net > 4% .dyn.optonline.net Does this mean all of these cable users are running NT (or 2000) with IIS? I would expect them to be mostly MS Windows of some sort, but more of the 9x/ME variant and hence not directly part of this. And why would they be running IIS? Glenn McDavid mailto:gmcdavid at winternet.com http://www.winternet.com/~gmcdavid