Sysadmins, patch now: HTTP 'pings of death' are spewing across web to kill Windows servers

The SANS Institute has warned Windows IIS web server admins to get patching as miscreants are now exploiting a flaw in the software to crash websites. The security bug (CVE-2015-1635) allows attackers to knock web servers offline by sending a simple HTTP request. Microsoft fixed this denial-of-service vulnerability on Tuesday …

  1. Destroy All Monsters Silver badge
    Holmes

    Frankly, I look at this clusterfuck in utter disbelief.

    Oh well, at least the number of "IIS sites in operation" will go south.

    1. Chris King

      I'm in my happy place... I'm in my happy place...

      REBOOT !!! HAHAHAH !!!

      http://ars.userfriendly.org/cartoons/?id=19980914

      1. Anonymous Coward
        Anonymous Coward

        Re: I'm in my happy place... I'm in my happy place...

        "REBOOT !!! HAHAHAH !!!"

        Erm - so back and running again in a minute or so then? Not exactly that much of an issue.

        If someone manages to make a worm like Slapper then that would be far more a problem...

        1. P. Lee

          Re: I'm in my happy place... I'm in my happy place...

          >Erm - so back and running again in a minute or so then? Not exactly that much of an issue.

          No, not at all, as long as every Windows license allows you to install on two machines at once, the extra hardware to run it on and a decent free load-balancer, perhaps the licenses for all the other parts of your application which need to be replicated too.

          Don't get me wrong, it probably isn't the end of the world, no matter how many servers bluescreen. It just makes MS look a bit like Linksys: a bit dinky and not what you'd want in your enterprise. Then I see that they charge money for it and I begin to wonder at the sanity of those who pay. I see the ecosystems created by anti-competitive MS licensing which drives a lot of these decisions and I begin to loathe the company, not because there was a program design error, but because of the business practices which twist the environment in an effort to get customers to choose them rather than a competitor, which has nothing to do with suitability of their software for the job.

          Seriously people, validate your input. These are well known, long-established RFCs. \d+ isn't validation. Pick a number as your bounds. Really, it's ok to say, "Sorry, our webserver doesn't transfer billions of gigs from a single file, unless you set this tuning option".
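The point made in the comment above, as an added example that is not part of the thread and not code from any web server: a digits-only check accepts a number that wraps a 64-bit counter, while a bounded parser rejects it before any arithmetic happens. The `first-last` byte-range format, the 1 TiB `MAX_SERVED_BYTES` policy limit and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy bound (the "tuning option"): nothing larger is served. */
#define MAX_SERVED_BYTES ((uint64_t)1 << 40) /* 1 TiB */

typedef enum { RANGE_OK, RANGE_SYNTAX, RANGE_TOO_BIG, RANGE_UNSATISFIABLE } range_status;

/* What a bare \d+ check amounts to: any run of digits passes. */
static bool digits_only(const char *s)
{
    if (*s == '\0') return false;
    for (; *s; s++)
        if (!isdigit((unsigned char)*s)) return false;
    return true;
}

/* Unchecked conversion: uint64_t arithmetic silently wraps modulo 2^64. */
static uint64_t naive_parse(const char *s)
{
    uint64_t v = 0;
    for (; isdigit((unsigned char)*s); s++)
        v = v * 10 + (uint64_t)(*s - '0');
    return v;
}

/* Bounded conversion: test against the limit BEFORE multiplying, so the
 * accumulator can never exceed `limit`, let alone wrap. Advances *p. */
static range_status parse_bounded(const char **p, uint64_t limit, uint64_t *out)
{
    const char *s = *p;
    uint64_t v = 0;
    if (!isdigit((unsigned char)*s)) return RANGE_SYNTAX;
    for (; isdigit((unsigned char)*s); s++) {
        uint64_t d = (uint64_t)(*s - '0');
        if (d > limit || v > (limit - d) / 10) return RANGE_TOO_BIG;
        v = v * 10 + d;
    }
    *p = s;
    *out = v;
    return RANGE_OK;
}

/* Validate "first-last" against the file size and the policy bound, then
 * return an offset/length pair that is guaranteed to lie inside the file. */
static range_status validate_range(const char *spec, uint64_t file_size,
                                   uint64_t *offset, uint64_t *length)
{
    uint64_t first, last;
    range_status st;
    if (file_size > MAX_SERVED_BYTES) return RANGE_TOO_BIG;
    if ((st = parse_bounded(&spec, MAX_SERVED_BYTES, &first)) != RANGE_OK) return st;
    if (*spec++ != '-') return RANGE_SYNTAX;
    if ((st = parse_bounded(&spec, MAX_SERVED_BYTES, &last)) != RANGE_OK) return st;
    if (*spec != '\0' || first > last) return RANGE_SYNTAX;
    if (first >= file_size) return RANGE_UNSATISFIABLE;
    if (last >= file_size) last = file_size - 1; /* clamp to end of file */
    *offset = first;
    *length = last - first + 1; /* cannot wrap: last <= MAX_SERVED_BYTES */
    return RANGE_OK;
}

int main(void)
{
    /* Constructed sample inputs; the third is 2^64 written in decimal. */
    const char *samples[] = { "0-499", "500-99999", "0-18446744073709551616", "7-3" };
    const uint64_t file_size = 1000;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t off = 0, len = 0;
        range_status st = validate_range(samples[i], file_size, &off, &len);
        printf("%-26s status=%d offset=%llu length=%llu\n", samples[i], (int)st,
               (unsigned long long)off, (unsigned long long)len);
    }
    printf("digits-only check on 2^64: %s, unchecked value: %llu\n",
           digits_only("18446744073709551616") ? "accepted" : "rejected",
           (unsigned long long)naive_parse("18446744073709551616"));
    return 0;
}
```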

    2. This post has been deleted by its author

      1. This post has been deleted by its author

        1. frank ly

          @Betacam

          It seems that Eadon is now a meme. He uploaded himself into the commentardiat consciousness before he was wiped.

          1. This post has been deleted by its author

        2. Anonymous Coward
          Anonymous Coward

          Problem identified - problem solved so what's the problem?

          That problem is solved, but the real WTF is why a http server needs to live in the kernel in the first place? Seems the most unsafe place to keep something as vulnerable as that.

          As much as you consider the problem fixed, it'll just keep happening again at some point in the future. Apache at least runs as an unprivileged user. Yes, Apache has its holes, but multiple need to be exploited for it to become a system-level (kernel) exploit in most cases.

          1. JasonT
            Linux

            Performance (at least for static pages) is one reason - http://en.wikipedia.org/wiki/TUX_web_server

          2. TomS_

            This was Microsoft's answer to increasing IIS performance - moving part of it to the Kernel. I think it started around IIS 6 or so.

        3. h4rm0ny
          Mushroom

          The seething ill-will on these forums is really pathetic some days and this section is a great example of it. Almost nothing but venom and bile and for what? MS found a problem and fixed it and hackers reverse engineered that fix and are now targetting those who haven't patched. What do all these critics believe MS should have done instead? Not patched it and hope no-one else ever found the vulnerability? Patch it secretly and invent some sort of encrypted update system where no-one can see what MS are doing to your servers? Not technically feasible and unacceptable regardless. Seriously - if people are going to pour all this scorn on MS for this, what exactly do they suggest would have been the correct course of action?

          No wait, I've already guessed the response - it's going to be some variation on "they shouldn't have bugs in the first place". Good luck with that! :/

          1. Destroy All Monsters Silver badge
            Mushroom

            Almost nothing but venom and bile and for what?

            This kind of remark is a great example of the modern mindset of the know-nothings freshly shat out of university: Any insecure shit is ok as long it is patched eventually (and is FAST), we let wild coders dump unvalidated stuff from the internet through kernel-level drivers (but we have RAPID TIME TO MARKET), runtime checks are never needed, all code is equally good, and it's all kumbaya from here.

            The problem is not the patch. The problem is that this thing exists in the first place.

            HERE IS YOU CRAYOLA NOW STEP THE FUCK AWAY FROM THE KEYBOARD.

            1. This post has been deleted by its author

              1. Vince

                no joke icon!

                The problem sir is that you assume we all see a joke icon. On the m.theregister.co.uk site, you see no icons, so it is rather harder to deduce the message as a joke.

                1. Pookietoo

                  Re: no joke icon!

                  Maybe use of the joke icon should be accompanied by [joke] in the title line just to make sure we can all appreciate the witticism ... and possibly an apology at the bottom, or just [coat].

              2. Hans 1

                @1980s_coder

                >my comment was a joke, clearly indicated by the joke alerticon.

                Definitely, I think Destroy_ALL_Monsters forgot his, though, too ...

                >HERE IS YOU CRAYOLA NOW STEP THE FUCK AWAY FROM THE KEYBOARD.

                Had me laughing out loud, epic!

                1. Tom 13
                  Devil

                  @Hans 1

                  DAM used the alternate joke icon. How could you have possibly missed that big nuke?

              3. Tom 13

                @1980s_coder

                Apology accepted.

                Next time, just don't even post it. Too many trolls out there post exactly that sort of drivel with no joke intended and put on the joke icon so they can claim otherwise when downvoted. I'd remove my downvote, except the only way to do that is to switch it to an upvote. While I no longer feel you deserve the downvote, I can't go full opposite to an upvote.

            2. Anonymous Coward
              Anonymous Coward

              @Destroy All Monsters - you got pwned

              As h4rm0ny stated 2 hours before you:

              "Seriously - if people are going to pour all this scorn on MS for this, what exactly do they suggest would have been the correct course of action?

              No wait, I've already guessed the response - it's going to be some variation on "they shouldn't have bugs in the first place". Good luck with that! :/"

              You, of course, took the bait and replied

              "The problem is not the patch. The problem is that this thing exists in the first place.

              HERE IS YOU CRAYOLA NOW STEP THE FUCK AWAY FROM THE KEYBOARD."

              Falling into his stupidity call lock, stock and barrel. Because, of course, the decades of claims of "thousands of people looking over code" worked so well for Linux that it never had decades-old errors that had to be patched.

              Nope nope.

              That's called IRONY, my friend. Look it up sometime and get off your high horse.

              1. tom dial Silver badge

                Re: @Destroy All Monsters - you got pwned

                But the implicit point was that we have multiprogramming operating systems partly to isolate tasks from each other and from the kernel to prevent spread of corruption from errors. By putting the probably avoidable error in kernel mode code when it was not functionally necessary, Microsoft committed an additional error. Other posters have noted that Apache has errors, as does IIS. However, Apache does not run as a privileged user, and its errors there will not, as will CVE-2015-1635 in unpatched IIS if I understand correctly, allow *your least favorite sigint agency or criminal enterprise* to install malicious software of its choice into your operating system.

                Putting the erroneous code in the kernel was a mistake.

                1. Anonymous Coward
                  Anonymous Coward

                  @tom dial, Re: Destroy All Monsters, you got pwned

                  But the implicit point was that we have multiprogramming operating systems partly to isolate tasks from each other and from the kernel to prevent spread of corruption from errors. By putting the probably avoidable error in kernel mode code when it was not functionally necessary, Microsoft committed an additional error. Other posters have noted that Apache has errors, as does IIS. However, Apache does not run as a privileged user, and its errors there will not, as will CVE-2015-1635 in unpatched IIS if I understand correctly, allow *your least favorite sigint agency or criminal enterprise* to install malicious software of its choice into your operating system.

                  Putting the erroneous code in the kernel was a mistake.

                  Absolutely. But if that were the case then we'd all be running the Windows NT 3.51 kernel topology, but we aren't. And we aren't because everyone was yelling that client/server kernel models impinged on performance, so Microsoft broke the 3.51 kernel model in order to bring the video system into the kernel and allow high performance DirectX calls.

                  And the rest is history.

                  And so starts the process: Microsoft has/had the ability to keep services in userspace but people complain "How come the performance is less than [x]", so they bring the service back into ring 0. You can't get something for nothing - you want userspace or ring 1+ safety, you'll give up a bit of performance...and it is the users who aren't willing to settle for that.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: you want userspace or ring 1+ safety

                    " you want userspace or ring 1+ safety, you'll give up a bit of performance"

                    OK, I'll happily accept that as a starting point.

                    "it is the users who aren't willing to settle for that."

                    Really? Got any evidence for that?

                    I'm fully aware of the difference between performance as measured by some gamestyle benchmark, and productivity. They're not the same.

                    Productivity's kinda hard to measure directly, but a bluescreen has a negative impact, as does an unwanted information disclosure. A bluescreen on a shared server (rather than a client setup) has a negative impact proportional to the number of punters connected to the server.

                    The IT department's end users are NOT made more productive by putting stuff in the kernel that don't belong in the kernel. Put it back where it belongs.

                    L33t gamerz should have been allowed (nay, forced) to stick with the real-mode-oriented world of Windows 98, IF they truly wanted ultimate gaming speed. Or they could move their games to a proper games machine.

            3. M. Poolman
              FAIL

              @ Destroy All Monsters

              There might have been a point in there which might have been worth thinking about. Shame you put it in such a way as to ensure that the people who had most to learn from it will completely ignore your comment and think that such mindless trolling is the way to discuss technical problems.

            4. Anonymous Coward
              Anonymous Coward

              > This kind of remark is a great example of the modern mindset of the know-nothings freshly shat out of university

              Would I be vastly wrong, were I to surmise from the manner of your expression that you have had limited exposure to higher education?

          2. Mystic Megabyte
            Windows

            @h4m0ny

            No wait, I've already guessed the response - it's going to be some variation on "they shouldn't have bugs in the first place". Good luck with that! :/

            Your guess is incorrect. The reason that people hate xx is because of their strategy of spreading FUD.

            Not wishing to be sued I can only give a possible example.

            Hang around the Ubuntu forum long enough and you will regularly find this sort of thing. A first-time poster will claim to have been using Ubuntu for several years. During this time the OP had nothing but trouble culminating in his data being lost etc. Now he is reverting to Windows.

            From this one can deduce two possibilities.

            1) The poster is an idiot who never asked for help on the forum before, but struggled on alone with his "defective" OS.

            2) He is being paid to propagate FUD.

            I personally do not want to do business with any company that has dishonesty at its core.

            1. Anonymous Coward
              Anonymous Coward

              Re: @h4m0ny

              I have a cousin like that, although I think he still is running Ubuntu and complaining after each upgrade. Every once in a while I field a question for him that usually is found somehow deficient. Eric Berne would have enjoyed the exchanges.

          3. Anonymous Coward
            Anonymous Coward

            @ h4rm0ny

            You wonder why 'nixers are hostile to MS and laugh at their misfortune, where have you been for the last 20 years ?

            MS engaged in very unpleasant and underhand tactics in days gone by ( such as cancer, SCO, get the facts, patent trolling etc ) so setting themselves up as stage villain. You reap what you sow.

            1. h4rm0ny

              >>"You wonder why 'nixers are hostile to MS and laugh at their misfortune, where have you been for the last 20 years ?"

              Well actually, around 20 years ago I was working on HP UNIX give or take a couple of years (1998). I've worked on UNIX and then GNU/Linux for well over a decade and didn't use Windows in any serious manner until around the time of Windows 7. And you know what? I still don't laugh at other people's misfortune. I judge things on what they are today, not the actions of fifteen years ago. I could actually dig out some old Slashdot posts if I chose where I was endlessly damning MS for various things (SCO, their Embrace, Extend, Extinguish with Internet Explorer), etc. But when the situation changed, I didn't cling to old opinions, I kept them up to date. MS today produce some very good products and I recognize that. Furthermore, I don't cheer when something bad happens or people have to pull an all-nighter because of a problem. What I have learned is that any complex piece of software has problems. Today it is an MS product, tomorrow it will be Apple or an Open Source project.

              So don't tell me what I don't know or that I have to indulge in pointing and laughing because of old history. We move on. At least some of us do.

              1. Anonymous Coward
                Anonymous Coward

                >>Well actually, around 20 years ago I was working on HP UNIX give or take a couple of years (1998)

                So what ? I was working on Vax VMS 27 years ago, you're not the only old fart around here.

                Have you ever considered that patching and clearing up after cock-ups is actually what keeps a lot of admins in a job ?

                By the way 99.9% of comedy is laughing at someone else's misfortune.

                1. h4rm0ny

                  >>"So what ? I was working on Vax VMS 27 years ago, you're not the only old fart around here."

                  I was asked where I had been for the last twenty years so I answered. It's not me trying to argue I'm right because I've been working with these systems for eighteen years, it's me answering a direct question from you. So don't pretend it's anything else.

                  >>Have you ever considered that patching and clearing up after cock-ups is actually what keeps a lot of admins in a job ?

                  I'm not in favour of writing bad code in order to ensure job security. That's a broken window fallacy.

                  >>"By the way 99.9% of comedy is laughing at someone else's misfortune."

                  I think when it's applied continually to a favourite victim, it's called something else.

                2. Anonymous Coward
                  Anonymous Coward

                  > By the way 99.9% of comedy is laughing at someone else's misfortune.

                  No, mate. Having a sense of humour is being able to laugh at your own misfortune while still being able to empathise with others.

            2. This post has been deleted by its author

              1. Anonymous Coward
                Anonymous Coward

                Oh, and I can easily write a perl script to downvote you automatically if you piss me off.

                Meh, write it in assembly then I'll be impressed.

                1. This post has been deleted by its author

                  1. akeane
                    Trollface

                    >1. For a lot of us, assembler is just another language.

                    Assembler is just the latest new "snake oil" fad, real programmers handcraft the machine code directly onto the disk sector...

                    1. Anonymous Coward
                      Anonymous Coward

                      Disk sectors are just snake oil refined.

                      Bloody amateurs...

                      All that's needed is a small chisel, a few wafers and a steady hand, shouldn't take more than an afternoon to carve out an ASIC to do the job properly.

                      1. akeane
                        Mushroom

                        Re: Disk sectors are just snake oil refined.

                        Yep! Trickiest bit is remembering to bake the sand...

                    2. Anonymous Coward
                      Anonymous Coward

                      Ha, youngster

                      try the days when a reboot required the binary entered directly to the bus via switches on a real console.

                      That assembler is returning to being seen as being the mark of the professional is simply that the current "normal" level of programming competence in a high level programming language when applied to assembler results in code that fails fast enough that you can get the fool out the door before he does any real damage.

                      Bugs occur during development however they should never reach the final product, that so many "IT Pros" think that complex coding always results in a faulty final product is just them repeating the BS Bill sold to the world.

                      Bugs in a final product are and always were optional, they simply take time and money to remove however whilst the "IT Pros" keep shouting Bill's mantra the customer will accept faulty products and incompetents can find employment as "IT Pros"

                      1. Jamie Jones Silver badge

                        Re: Ha, youngster

                        Bugs occur during development however they should never reach the final product, that so many "IT Pros" think that complex coding always results in a faulty final product is just them repeating the BS Bill sold to the world.

                        Yes!

                        I remember once reading a forum post elsewhere from someone about how his satellite receiver becomes unresponsive after a while.

                        The resident IT expert replied in a slightly mocking way (and I paraphrase) : "You have to remember that your Satellite receiver is basically a computer, and like all computers, will slow down if not rebooted every few days. This is normal. Just switch it off and on again"

                        I'm not looking forward to when this crop start programming SCADA etc. Can you imagine if the software for airliners, traffic control, nuclear power stations etc. was so flakey and without proper failsafes?

                        1. Anonymous Coward
                          Anonymous Coward

                          Re: Ha, youngster

                          I'm not looking forward to when this crop start programming SCADA etc. Can you imagine if the software for airliners, traffic control, nuclear power stations etc. was so flakey and without proper failsafes?

                          Used CitectSCADA lately?

                          (Disclosure: I've made a bit of money writing MacroView SCADA drivers in recent times which are currently running the backbone of a couple of Defence base energy management systems. No expert but I've done a little bit here and there.)

                    3. Anonymous Coward
                      Anonymous Coward

                      > Assembler is just the latest new "snake oil" fad, real programmers handcraft the machine code directly onto the disk sector...

                      No butterflies?

                  2. Anonymous Coward
                    Anonymous Coward

                    > Why the fuck would you want to write something to interact with a web page in assembler? What would be the advantage?

                    Well, unlike Perl, once you wrote it you would still be able to read it back. :-)

              2. Anonymous Coward
                Anonymous Coward

                and greyness does not necessarily imply wisdom

                "anyone who tries to paint Microsoft as the only source of evil in the history of computing is dumb beyond belief."

                Is anyone really trying to do that? Then they are fools.

                On the other hand, MS is a company with a history, whether you like it or not.

                Their history DOES include moving NT graphics drivers from user mode to kernel mode, thereby making it seemingly faster, but actually making it less robust (and therefore less productive). And that would be around a couple of decades ago.

                Their history DOES include lots of "marketing" fluff as well, such as the now infamous (because now clearly discredited) talk about a root and branch top to bottom security review of all the Windows source code.

                There's lots more but I have neither time nor inclination.

                *Any* company of any significant size that repeatedly did these kinds of things would be deserving of scorn.

                "I can easily write a perl script to downvote you automatically if you piss me off."

                And my dad's bigger than your dad. So what.

                Have a lot of fun.

              3. Richard Plinston

                > The Altair BASIC is a VERY skilled piece of code,

                It is interesting that you claim this. The source code has never been released in spite of Bill saying that he would. So how are you able to make this claim? Bill's word ?

                Bill worked on DEC machines at Harvard, including writing BASIC programs. It has been alleged that Bill had access to the source code of a public domain BASIC interpreter. The Intel 8080 development tools ran on DEC and it may be that Bill used the PD interpreter as the basis for Altair BASIC (and derivatives). Bill also never paid for the development time he used on DEC machines.

                MIT also thought that they had purchased the interpreter but MS continued to resell it, or derivatives, to others.

                > early Windows versions like 1.0 and 2.0 were pretty impressive on the crap PC hardware of the time.

                But not as good as GEM which preceded those.

                1. This post has been deleted by its author

              4. mad physicist Fiona

                Secondly, those of us who learned about IT by experience, rather than in an academic environment, tend to be far more broad-minded and less bigoted than those who spend five years in university, come out waving their silly little bits of paper around, convinced that they now know 100% of what there is to know about IT, and that they can go out and tell us who have been working in the industry for 30 years that we're doing it all wrong.

                The best people have a diversified knowledge base. I certainly would agree that new graduates (of any technical discipline) need a little seasoning but after perhaps five years commercial experience they are much more rounded, they've picked up practical knowledge and experience of real situations and all the surrounding areas outside their original discipline - management, administration and record keeping etc etc. In contrast self taught and on-the-job learning is always something of an unknown quantity and remains like that throughout one's career - there are frequently huge areas of ignorance, a lack of investment in learning and if something works that is the end of story even if a different approach could have been cheaper, better, or less effort. Formal education fills in many of those gaps, not always well enough to provide all the answers but enough to pose the right questions, the real issue more often than not.

                There's also a question of investment - if you've spent three years at uni you have a hell of a lot of groundwork under your belt before you start tackling real world problems. Without that the temptation is always to cover the bare minimum to achieve the aim in hand even if a more sophisticated approach would be more profitable in the long run. I'm in physics myself (primarily astrometry techniques) and I see it all the time - people have gone to great effort to achieve something and do so badly which when you consider and immediately ask "Why didn't you use a ____?". Within IT I frequently see and hear of completely the wrong tools being used because it is the tool they know. For example there is a choice between spending a week hand-writing a huge, unmaintainable parser or investing a fortnight learning Lex & Yacc for no immediate benefit, but subsequently writing the same parser in a morning. The self-taught tend to take the first approach. The CS graduate has already taken the second.

                Time and time again, I see people tell me that I'm wrong, because they are applying their basic, limited knowledge, to a situation that I have more advanced knowledge about. They are convinced that I am wrong, and once I engage them in conversation about it, they just start sprouting all sorts of erroneous cobblers, without realising how stupid they are making themselves look. Just a couple of days ago on this very forum, I had one idiot trying to tell me that read errors that have been detected by CRC checking are somehow responsible for silent data corruption. By very definition, that obviously cannot be true - that is what the CRC is there for. I have also been told that the bad144 utility reads the inbuilt defect map from a hard disk's controller. Errr, OK... Maybe in a parallel universe.

                The tone of this immediately put me off, it reads as "I'm so much better than everyone else here, the way my skills developed is the One True Path and anything else is wrong." You cannot present a logical argument that you are enriching yourself by denying yourself avenues of learning. There are many sources of skills and knowledge - academic education, industry certification courses, reading and private study, practical commercial experience, pet projects, discussions with your peers, even media reporting. The truly skilled individual has and does expose themselves to as many of them as possible. Stating at the outset that you are not going to consider one of the principal sources, and then treating those around you with contempt because you consider them to be beneath you is impoverishing your sources of skills and learning. That is ultimately to your detriment rather than your benefit.

                Out of interest I did look through your posting history to find the discussion to which you refer. If I called it I would say that you actually lost the argument. You made an initial claim which was challenged with a chain of reasoning showing that in the common case what you said didn't apply. You introduced a lot of smoke and mirrors and arguments based on the rarer cases but at no point did you defend your original claim against the argument against it. Therefore you lost by default.

                What have you learned from that? Nothing, because they are trolls and unfit to untie your shoelaces. That is not the approach of someone who learns wherever they can as an investment in the future.

              5. Jamie Jones Silver badge
                Thumb Up

                @80's_coder

                Brilliant post. Agree entirely.

                There is a HUGE difference between UNIX veterans of the 1970s and 1980s, and today's Linux newbies who just go around 'trying out different distributions', virtually all of which are now dumbed down so much that they have become the Windows 3.1 of their day.

                I'm reminded of a quote (but don't remember the author): "BSD is for people that like Unix. Linux is for people that hate Microsoft"

          4. Hans 1

            >MS found a problem and fixed it and hackers reverse engineered that fix and are now targetting those who haven't patched.

            Well, you call that fixed ??? RIP OUT HTTP.SYS and create a user-space binary - a crashing thread serving HTTP should not take down the whole server, is the point generally made on here.

            Of course, putting that into user-space will not be beneficial, performance-wise, but then again, it is way more secure.

          5. Tom 13

            @h4rm0ny

            Stuart Longland has the better statement in this argument. The kernel was the wrong place to put this part of the system. That SHOULD have been fixed when they did the "ground up" rewrite of code back in Vista. And this sort of parameter checking is coding 101, not some arcane dark art.

            Yes, having found the bug they had to fix it. But this bug should never have been there in the first place and absolutely shouldn't be in the kernel.

        4. Roland6 Silver badge

          Re: Problem identified - problem solved so what's the problem? @betacam

          Whilst I would expect a hosting company to do just as you say and quietly deploy this update without fuss. The problem is that IIS is much more widely used, given it is bundled with Windows Server...

          Extranets, intranets to name two obvious examples. Additionally, if memory serves me correctly it can be used to deliver the help system for Windows Server. Which given most servers, I've encountered, have updates turned off, for good reason, means that many servers are vulnerable, albeit only to mischief makers on the local network...

    3. Anonymous Coward
      Anonymous Coward

      "'curl' is not recognized as an internal or external command, operable program or batch file."

      I guess you need to be running some legacy software / UNIX compatibility package like CygWin or Services for UNIX for that to work!

      " the real WTF is why a http server needs to live in the kernel in the first place?"

      For performance of course - fewer context switches. Running it in kernel mode is optional though.

      1. Anonymous Coward
        Anonymous Coward

        "'curl' is not recognized as an internal or external command, operable program or batch file."

        I guess you need to be running some legacy software / UNIX compatibility package like CygWin or Services for UNIX for that to work!

        Not necessarily, like most things on Windows it has to be manually downloaded and installed. If you want an OS to come with these useful tools you'll need to look elsewhere.

        " the real WTF is why a http server needs to live in the kernel in the first place?"

        For performance of course - fewer context switches. Running it in kernel mode is optional though.

        All that security risk for what, 0.5% performance increase? Ohh and by "optional", is it on by default?

        For what it's worth, Linux has khttpd. There's probably a good reason why nginx and Apache rule the web server roost on Linux however.

      2. Dazed and Confused

        Re: fewer context switches.

        Well you still need a state save and restore whether you're switching from usermode to another usermode or switching from usermode to kernel mode. But if you're going to apply that argument why bother having an OS in the first place, just run everything bare arsed on the CPU?

        The idea of, well at least 1 idea of, having an OS is that bugs in something as externally attackable as a web server can't bring down the whole system.

      3. Anonymous Coward
        Anonymous Coward

        > I guess you need to be running [...]

        I'm pretty sure you can install Curl on Windows.

    4. Anonymous Coward
      Anonymous Coward

      "Oh well, at least the number of "IIS sites in operation" will go south."

      Why 'at least'? Most of the compromised sites on the internet serving malware or running botnet c&c servers run a flavour of *NIX. More Windows sites would be an improvement.

    5. Vince

      Presumably in disbelief that it's not just your favourite *nixland software that can be exploited relatively easily?

      Because as we all know, there's never been a vulnerability in Linux software, such as apache. Nope, never.

      Oh wait, that's total bull... but then I live in the real world.

  2. This post has been deleted by its author

    1. Kevin McMurtrie Silver badge
      Facepalm

      How is this suddenly a vulnerability? I tried implementing the Range header on my home server and got nothing but crap from the Internet. Since both numbers are not unusual, file length and the maximum value of a signed 64 bit integer, it's amazing that IIS servers weren't crashing 20 times a day from it.

      Lost in the noise?

      1. akeane
        Happy

        >and got nothing but crap from the Internet.

        Sounds like it's working normally then...

    2. This post has been deleted by its author

  3. Paul Herber Silver badge

    Years ago I bought two books, "Writing Solid Code" and "Writing Secure Code", both by Microsoft Press. In the latter, page 453. Required reading for all Microsoft employees.

    1. Borg.King
      Facepalm

      Not so much 'required reading'

      as required purchases by all MSFT employees. No one told me I _had_ to read them.

    2. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      What about the other 452 pages?

      Writing Secure Code: this one?

      https://www.microsoft.com/learning/en-us/book.aspx?ID=5957&locale=en-us

      Couldn't easily find a downloadable version, though it seems like it may on occasion have been available as part of various MS deals.

      Care to summarise what's important about p 453 (Look Inside won't let me see it).

      1. Pookietoo

        Re: Writing Secure Code: this one?

        The one I found claims to be that one, but only has 451 pages - maybe someone wrote "Don't panic!" on the back cover?

  4. John Sanders
    Linux

    Raise your hand...

    All those who think that is a good idea, to make a driver receive HTTP data from the network into kernel space...

    At the end of the auditorium all Microsoft engineers raise their hands and they can be heard chatting animatedly: "yeah! with this we will teach how to make things fast to those unix types"

    (That was a while ago, in a MS conference I think it was the one for Windows 2008)

    Regardless... Obviously this is not a problem, hardly anyone in the press will talk much about it, if it was Apache crashing Linux we'll be hearing for months to come, MS will pitch it in their marketing crap, and it will have a funny name like "Dead Web Server Pass".

    1. thames

      Re: Raise your hand...

      Well, there used to be an HTTP server available for Linux as an optional third party kernel module called "Tux". It let Linux win the web server "speed wars" willy waving contest with Windows and IIS which were (and still are) doing something similar. Then some time around the beginning of the century people realized what an incredibly stupid idea that was, so it never made it into the mainline Linux kernel as an official feature and it died from lack of interest many years ago.

      However, it did get developers thinking about how to get data from the network port and back out again as quickly as possible. They came up with new software mechanisms which let user space HTTP servers work as fast as kernel based ones. In the end, there was really no valid technical reason for putting an HTTP server (or part of one) into the OS kernel. It was just used to play games with bench marks, and even there "proper" design ended up being just as fast as doing it in the kernel.

      I'm surprised that Microsoft are still doing this. However, IIS is slowly dying off altogether so it probably isn't getting the sort of attention that something like this needs.

      1. Mike Bell

        Re: Raise your hand...

        IIS is slowly dying off altogether

        Nope. Despite a short term blip, it's Apache that's been trending downwards for a number of years.

        1. thames

          Re: Raise your hand...

          @Mike Bell - Re: IIS market share "Nope."

          You forgot to use the "joke" icon. Your own link shows IIS market share falling steadily down to third place since 2008, from 20 - 30% down to 10 - 12% for real web sites ("top million" sites are real sites, rather than placeholder pages held by domain speculators). The "top million" sites shows a steady smooth decline over time. IIS has been in third or fourth place for several years and is well on its way to oblivion. That's according to the data in your own link.

          Seriously, I think that Microsoft knows that IIS is well on its way to being an ex-parrot and doesn't think there's much to be done about it. As a result, they'll give it basic maintenance and security patches, but they aren't taking it seriously enough to pro-actively get rid of the obviously bad ideas like the one which is the cause of this current security flap.

          Since IIS is a legacy product, that's not too surprising. A lot of other vendors tend to take the same attitude to product lines which are on their way out to pasture.

          1. Richard Plinston

            Re: Raise your hand...

            > rather than placeholder pages held by domain speculators).

            It has been claimed that Microsoft are 'buying' these placeholder sites by, at least, giving hosting sites free hardware and software to host those inactive domain names to boost the statistics. They may also be paying the host for this. The implication is that IIS is perfect for sites that have no content and no traffic.

          2. Anonymous Coward
            Anonymous Coward

            Re: Raise your hand...

            "Your own link shows IIS market share falling steadily down to third place since 2008, from 20 - 30% down to 10 - 12% for real web sites"

            Windows / IIS tends to be popular for SMEs because it's much less likely to be hacked than Apache / *NIX as per website defacement stats and takes much less effort to secure. The actual market share for IIS without cherry picking is about 28% and it is in clear 2nd place.

            The current market leader is Apache - which tends to run on legacy *NIX OSs - having declined from 66% to a current 38%. In the last year, IIS briefly had a larger market share than Apache...and the gap is now smaller than it's been since 1995....

            "As Nginx is the front-end for the domain that is what is counted in the stats. There is no actual decline in Apache usage."

            The decline in Apache usage is somewhat larger than the rise in Nginx use...

            1. Anonymous Coward
              Anonymous Coward

              Re: Raise your hand...

              "Windows / IIS tends to be popular for SMEs because it's much less likely to be hacked than Apache / *NIX as per website defacement stats and takes much less effort to secure."

              I seriously doubt that's the reason. From those I've met it's because Windows is the dominant OS in the SME space (for better or worse) and they simply use it because it's there, not because it's any good. Just like IE as a browser. Many devs I've met who were brought up on Windows sadly seem to lack the imagination to try anything else.

              "The current market leader is Apache - which tends to run on legacy *NIX OSs"

              I think the vast majority of successful companies that have built their business model on the web (Google, Facebook, eBay, Amazon, etc), the majority of super computer vendors, the majority of mobile phone and tablet manufacturers, major networking vendors and many others would seriously disagree that *NIX is legacy. Why is Windows so rare in any of these spaces? If it were so good at everything, surely it would be a more viable contender?

        2. Richard Plinston

          Re: Raise your hand...

          > it's Apache that's been trending downwards for a number of years.

          The slow decline in Apache's share is mirrored by Nginx's rise. In many cases this is because there is a performance incentive in using Nginx as a front-end proxy server to an Apache server farm where Nginx can satisfy simple page requests and load-balance requests back to the heavy lifting Apache servers. As Nginx is the front-end for the domain that is what is counted in the stats. There is no actual decline in Apache usage.

    2. Mikel

      Re: Raise your hand...

      >receive HTTP data from the network into kernel space...

      And then not range check it before using it. For Ned's sake! It is thirteen years since they promised to quit doing this stupid, freshman programmer level stuff. And now every public facing IIS website on Earth can be shut down from anywhere on the planet, one compromised PC can hose your Intranet. Because their server OS doesn't validate network inputs directly in kernel space.

      When will otherwise responsible organizations learn to stop trusting these people? This is not going to change, ever.

      And apparently after failing for 13 straight years, this Scott Charney character is still there, in charge of not fixing it.
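
The range check Mikel describes as missing, as an added example (not code from the article, the thread or Microsoft, and no claim about HTTP.sys internals): a C validator for a single `bytes=first-last` value that parses without wrapping and clamps to the file length, next to the unchecked length computation for comparison. The function names, the 1000-byte file length and the choice to reject rather than ignore invalid values are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum range_status {
    RANGE_OK,             /* serve partial content */
    RANGE_INVALID,        /* bad syntax, or a number that does not fit in 64 bits */
    RANGE_UNSATISFIABLE   /* first byte at or past end of file (HTTP 416 case) */
};

struct byte_range {
    uint64_t first;   /* offset of first byte to send */
    uint64_t length;  /* bytes to send; never 0 when RANGE_OK */
};

/* Unchecked computation: unsigned arithmetic wraps, so first=0 and
 * last=UINT64_MAX yields a length of 0 instead of 2^64. */
uint64_t naive_length(uint64_t first, uint64_t last)
{
    return last - first + 1;
}

/* Parse an unsigned decimal, refusing any value above UINT64_MAX. */
static int parse_u64(const char **p, uint64_t *out)
{
    const char *s = *p;
    uint64_t v = 0;

    if (*s < '0' || *s > '9')
        return -1;
    while (*s >= '0' && *s <= '9') {
        uint64_t d = (uint64_t)(*s - '0');
        if (v > (UINT64_MAX - d) / 10)   /* v * 10 + d would wrap */
            return -1;
        v = v * 10 + d;
        s++;
    }
    *p = s;
    *out = v;
    return 0;
}

/* Validate one "bytes=first-last" or "bytes=first-" value against file_len.
 * Suffix ranges ("bytes=-N") and multiple ranges are rejected to keep the
 * example short. */
enum range_status validate_range(const char *value, uint64_t file_len,
                                 struct byte_range *out)
{
    static const char unit[] = "bytes=";
    const char *p = value;
    uint64_t first, last;

    if (strncmp(p, unit, sizeof unit - 1) != 0)
        return RANGE_INVALID;
    p += sizeof unit - 1;

    if (parse_u64(&p, &first) != 0 || *p != '-')
        return RANGE_INVALID;
    p++;

    if (*p == '\0')
        last = UINT64_MAX;               /* open-ended: clamp below */
    else if (parse_u64(&p, &last) != 0 || *p != '\0')
        return RANGE_INVALID;

    if (last < first)
        return RANGE_INVALID;
    if (first >= file_len)               /* also covers an empty file */
        return RANGE_UNSATISFIABLE;
    if (last > file_len - 1)             /* RFC 7233: oversize end means "to EOF" */
        last = file_len - 1;

    out->first = first;
    out->length = last - first + 1;      /* cannot wrap: first <= last < file_len */
    return RANGE_OK;
}

int main(void)
{
    struct byte_range r;
    /* The Range value quoted in this thread; 1000 is a constructed file length. */
    enum range_status s = validate_range("bytes=0-18446744073709551615", 1000, &r);

    printf("naive length: %llu\n",
           (unsigned long long)naive_length(0, UINT64_MAX));
    if (s == RANGE_OK)
        printf("validated: first=%llu length=%llu\n",
               (unsigned long long)r.first, (unsigned long long)r.length);
    return 0;
}
```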

      1. Robert Helpmann??
        Childcatcher

        Re: Raise your hand...

        It is thirteen years since they promised to quit doing this stupid, freshman programmer level stuff.

        Well, they suffered through the original PoD and then brought it out of retirement a couple of years ago because IPv6. Apparently building on preexisting work requires that previously corrected mistakes be repeated.

        1. Androgynous Cupboard Silver badge

          Re: Raise your hand...

          Ironically Windows boxes weren't vulnerable to the ping of death, but they could send one. I ran the site on it.

  5. Anonymous Coward
    Anonymous Coward

    that's nothing, kid, I was around for the ORIGINAL ping of death

    Brings back fond memories from the late 90's of PoD'ing spammers using our mail server as a relay.

  6. Anonymous Coward
    Anonymous Coward

    People seem to be forgetting that Apache had a DoS based on the range header back in 2011 as well. Windows isn't the only one that has issues.

    1. MacroRodent

      People seem to be forgetting that Apache had a DoS based on the range header back in 2011 as well. Windows isn't the only one that has issues.

      You mean this: https://httpd.apache.org/security/CVE-2011-3192.txt

      That bug killed only the user-level Apache server program, not the OS it was running on, and did not lead to any remote exploit. So it was much less serious, thanks to keeping the http server out of the kernel.

      1. Lee D Silver badge

        Nobody is pointing at MS and saying "Ha Ha! You have a bug in handling range requests!". As you point out, they could easily turn around and do the same thing (but it does make you wonder if anyone ever said "Hold on, look at this bug in Apache, could we have the same bug even if we're not using the same codebase?")

        What we're pointing at and saying is "What the hell are you doing with HTTP parsing in the kernel?!" Because the second you say that, it sets off alarm bells in my head, even before this exploit existed.

        Hanging an Apache process - which on any well managed system will do no worse than consume the allocated amount of CPU/RAM assigned to that user/process - is very different to BLUE-SCREENING (kernel dump / etc.) an entire machine (what if it's a hypervisor and the IIS service is an exposed, but secured, HTTP interface to it?) via a single HTTP request (possibly even for a non-existent file etc.!). That leads to data loss, in-memory structures being potentially revealed, etc. and is an order of magnitude more dangerous.

        And it's that more dangerous PURELY because something that shouldn't be in the kernel, is. And MS couldn't make it work fast enough outside the kernel, by their own admission. Security or speed, appears to be the only mutually-exclusive choice.

        Nobody cares about bugs. Bugs happen. Every day, every admin is patching against bugs. The severity of the bugs, however, is linked to the design of the system - and this system is designed, by default, to parse HTTP (possibly unauthenticated, possibly unsolicited, etc.) in the kernel-space with kernel-space privileges.

        At that point, I just go "Duh!" and start checking all my servers to make sure that option isn't on EVEN after I've patched (it was on by default on some internal-only servers that I don't care about but even I'd turned it off on my external-facing servers that I set up a year ago!)

      2. Anonymous Coward
        Anonymous Coward

        Both stop the server from doing its job. Not really a consequential difference. Anyway, you can tell IIS not to run in kernel mode if you want to.

        Microsoft have managed to keep IIS with fewer vulnerabilities than Apache over the last few years, so they haven't done too bad a job with security...

        1. Anonymous Coward
          Anonymous Coward

          Both stop the server from doing its job. Not really a consequential difference. Anyway, you can tell IIS not to run in kernel mode if you want to.

          One stops the server from serving web pages but still permits the problem to be rectified by remote access. Heck… you could probably code something that detects the hung Apache daemon, kill it, and re-start Apache automatically without user intervention.

          The other stops the server from performing ANY functions. The only thing you can do is get someone to walk up and press the reset button. The alternative is having the box rigged up with lights-out management cards or having remote-controlled power switches.

  7. Peter 39

    stupidity calcified

    (1) Microsoft has been doing this make-it-faster-by-putting-it-in-the-kernel thing for twenty years.

    Nothing has changed, nor will it change. The only way for MS to stop it is to isolate Windows into a VM on top of some non-Windows OS.

    For if it is Windows, see (1)

  8. James Cane

    Don't like IIS?

    Loads of mouth breathers here who think that supposed technical superiority is a good reason for tens of thousands of businesses to spend big money porting existing web applications from IIS to Linux.

    Many organisations don't have that sort of money and, even if they did, where's the added value to their businesses? The web server is a sunk cost and a tool to run their business, not an ideological geek statement.

    A bug of this severity could be - and probably is - hiding in Linux as well. Heartbleed, anyone?

    1. Lee D Silver badge

      Re: Don't like IIS?

      A remote-root / DoS exploit in Apache that can take down your system? Those are so few and far between they are news items.

      Heartbleed etc. is an information disclosure attack. It doesn't crash your servers. It doesn't provide remote-root. It doesn't take the server down to the point that NOTHING else works until someone comes along and manually intervenes.

      Nobody is saying port all your IIS to Apache. What we're saying is: this is the cost of quick-and-dirty solutions. The licensing for your server, plus IIS, plus whatever web app you had developed? Probably could argue that it would have been better to stick on a "free" system and spend the money securing it instead. Hindsight and all that, but nobody's suggesting up-and-leaving IIS.

      And though bugs exist in all software, this is a design bug. You put HTTP parsing into the kernel. That's just STUPID. If you'd asked me ten years ago about that, I'd have said it's stupid. You don't want the MACHINE crashing on a kernel level, taking every other service with it instantly, potentially losing data irretrievably, just because someone sent you a rogue packet. We changed the design of TCP stacks etc. years ago to get rid of junk like that, and the days of things like the Xmas Tree packets, smurf-attacks, fraggle-packets etc. are long gone.

      I see any monoculture as a problem for a business, personally. If your app only works on Linux or only works on Windows, you have a problem. But reality steps in often and people don't care or realise about it. That doesn't mean that's the "right" answer. It just means that we make sacrifices from an ideal system to meet budget or time constraints.

      However, it may well be worth investigating the budget/time implications of something like a simple script-kiddie attack on your server - almost identical to a decades-old Apache bug that never caused more than a service DoS on that software - taking down all your services in the hardest way possible (possibly inducing data loss) until you can patch against it.

      Nobody has perfect home security. No business has the perfect lock on the door. But when you've been broken into a number of times by kids with lolly sticks, you might well be justified in thinking about upgrading, hardening or looking more favourably on an alternative supplier next time.

      1. steeple

        Re: Don't like IIS?

        Lee

        Overall, I agree with you. However, I am uncertain about the emphasis in: "Heartbleed etc. is an information disclosure attack. It doesn't crash your servers." For me, information disclosure is probably the biggest risk I have.

        Naive question: does this vulnerability only allow the attacker to crash servers? Or does it enable elevated privileges or other compromises to the target?

        Rgds

        1. Anonymous Coward
          Anonymous Coward

          Re: system crash vs payload with elevated privileges

          "Naive question: does this vulnerability only allow the attacker to crash servers? Or does it enable elevated privileges or other compromises to the target?"

          Perfectly reasonable question.

          The vulnerability is known as CVE-2015-1635 (it's in the article), which quickly leads to

          http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635

          which says

          "[vulnerability] allows remote attackers to execute arbitrary code via crafted HTTP requests"

          Or see what MS have to say:

          https://technet.microsoft.com/library/security/MS15-034

          includes

          "A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account."

          So, given that the arbitrary code is running in the context of the System account, yes elevated privileges (and therefore information disclosure) are in theory possible, IF a suitable payload can be found - one that will run some desired code, rather than running some random data and therefore 'just' crashing the system.

          It's been far from impossible to find a 'suitably crafted payload' in other instances, as history shows.

          1. steeple

            Re: system crash vs payload with elevated privileges

            Thanks AC. Nice explanation.

    2. Tom 13

      Re: Don't like IIS?

      The web server is a sunk cost

      Oddly enough, that MIGHT be true if it were OSS, but not anything from MS or Oracle. As El Reg has been pointing out quite loudly with some of its headlines this last week, there's a lot of MS software out there that is EOL and MUST be replaced, regardless of whether or not the hardware is overloaded.

      Yes added value is important, but you really should be sure of your footing before making that argument. If you don't you wind up not merely looking like a fool, but confirming the fact that you are.

  9. bdam
    Facepalm

    It "IIS" thing

    It's some kind of irrelevant obscure web server, right?

    Can I visit it using "IE", which I hear is some kind of irrelevant obscure desktop web browser?

    How about this "Windows Mobile" - that's as irrelevant and obscure, will that work with it?

    With so much irrelevance floating around, why such a fuss?

    1. Anonymous Coward
      Anonymous Coward

      Re: It "IIS" thing

      It "IIS" thing "It's some kind of irrelevant obscure web server, right?"

      It has 28% market share, and is the second most popular.

      "Can I visit it using "IE", which I hear is some kind of irrelevant obscure desktop web browser?"

      That has 58% market share of desktops...

      "How about this "Windows Mobile" - that's as irrelevant and obscure, will that work with it?"

      That has ~ 3% market share - and is the 3rd most popular mobile OS.

      1. Tom 13

        @AC Re: It "IIS" thing

        You were actually doing pretty well there for a bit.

        Then, with your very last line, you went and earned yourself a downvote.

  10. Yugguy

    We read about it. We patched it.

    The end.

    Couldn't give a shite as to iis vs apache or any other bollocks thanks.

    1. Anonymous Coward
      Anonymous Coward

      Re: We read about it. We patched it.

      And that attitude, dear reader (acting without understanding and very definitely without giving an eff) is why so many 'modern' IT projects are late, over budget, never work, etc. Regardless of OS.

  11. Dan Paul

    Those packets are coming from

    Somewhere in Turkey according to the Whois RIPE records for the IP Address the article gave.

    Don't you think all this arguing could be better directed towards that IP range and the Abuse email address? Just a few million emails might get their attention?

    Abuse contact for '78.186.113.0 - 78.186.138.255' is 'abuse@ttnet.com.tr'

    inetnum: 78.186.113.0 - 78.186.138.255
    netname: TurkTelekom
    descr: TT ADSL-TTnet_static_ulus
    country: tr
    admin-c: TTBA1-RIPE
    tech-c: TTBA1-RIPE
    status: ASSIGNED PA
    mnt-by: as9121-mnt
    source: RIPE # Filtered

  12. Anonymous Coward
    Anonymous Coward

    SSL version

    http_proxy="" curl -v https://[IP_ADDRESS]/ -H "Host: test" -H "Range: bytes=0-18446744073709551615" -k

    The example given will fail against https only websites eg Exchange EWS (or it should be). Also the request for a non-existent file may fail. The -k above turns off certificate checking.

    1. Buzzword

      Re: SSL version

      For my https-only server, this works:

      curl -I -v https://my.server.name/realfile.png -H "Range: bytes=0-18446744073709551615"

      (The file requested must actually exist.)

      Before patching it replied "HTTP/1.1 416 Requested Range Not Satisfiable"

      After patching it replied "HTTP/1.1 400 Bad Request"

  13. Anonymous Coward
    FAIL

    My mom continues to be vindicated!

    For those of you (read: all of you) who have forgotten my occasionally mentioned backstory, my mother spent her career in mainframe programming and operations. She often repeated the old snarky programming adage that "If builders made buildings the way programmers made code, the first woodpecker that came along would destroy civilization."

    It's nice to know that some things never change.

    1. yowl00

      Re: My mom continues to be vindicated!

      Bad analogy from the waterfall days of software engineering. But then some people never change.

  14. clocKwize

    What the hell

    I didn't read all the comments so this might have come up before..

    Talking of "attack surface". Who the bloody hell implements part of a public facing web service as a kernel module :O ARGH.

  15. This post has been deleted by its author

  16. Anonymous Coward
    Anonymous Coward

    The real joke here is...

    .. that businesses still buy into the Microsoft scam that a crap OS maintained by click monkeys is cheaper to run than a free OS maintained by experts, against all the daily evidence.

    1. Anonymous Coward
      Anonymous Coward

      Re: The real joke here is...

      Actually the vast majority of evidence shows that Linux, etc is only cheaper for niche uses such as web servers. Businesses are all about profit, so if what you said was true they would be beating down doors to get to the better mousetrap. Hardly anyone is.

      The license / support fee for Enterprise Linux distributions is often higher than the licensing costs of Microsoft products. And then as per your comment, Open Source options are usually more expensive to run and require 'experts' to complete even basic tasks...

      There have been good examples of those that tried and failed like Munich - tens of millions spent more than the cost of sticking with Microsoft, a decade spent migrating - 20% of systems still requiring Windows - and the users so dissatisfied with the crappy solution that they are now desperately looking at options to reverse course...

      1. Anonymous Coward
        Anonymous Coward

        Re: The real joke here is...

        Evidence? Munich?

        Last time there was a big flurry of news on this front (2013), not only had the "evidence" in the Munich case not been published in full, the people behind the "study" turned out to be HP consulting, acting on behalf of (wait for it) Microsoft.

        And at that time the City of Munich were disagreeing with the MS representation of the verdict. But you'll quite rightly say "they would say that, wouldn't they".

        Lots of reports around from 2013, here's a typical one:

        http://www.zdnet.com/article/no-microsoft-open-source-software-really-is-cheaper-insists-munich/

        There have been a few more recent reports, such as this one from late 2014, where the council makes clear it isn't planning a large scale return to Windows:

        http://www.techrepublic.com/article/no-munich-isnt-about-to-ditch-free-software-and-move-back-to-windows/ (and similar elsewhere).

        And shortly after that, the council says a return to Windows would cost maybe 14000 new PCs totalling maybe Euro3M for hardware alone, not including additional licences and new infrastructure, whereas the move to Linux had saved Euro11M in licensing and hardware.

        http://www.zdnet.com/article/munich-sheds-light-on-the-cost-of-dropping-linux-and-returning-to-windows/

        Not so clear cut for you now is it. Fairly clear which choice is more beneficial for MS and HP though.

        Now, if you've still got something more useful to contribute, rather than selective misrepresentations, feel free to post it.

        1. Anonymous Coward
          Anonymous Coward

          Re: The real joke here is...

          Clearly running a ten year plus migration project, inventing a new OS - LiMux, running 2 platforms for the duration instead of one, still running and supporting 2 platforms at the end of it - and integrating 2 platforms - with an inferior end solution all are going to have high costs. Estimated by HP at about €30 million. And that's without the cost of the millions IBM spent on the project to develop and maintain LiMux.

          The Munich quoted cost 'savings' only refer to licensing costs which of course is only a tiny part of the picture. The fact that they are investigating the options of how to reverse course and are costing it up says it all - they desperately want to escape an inferior mess of a OSS based solution. Of course it's then a bit tricky to admit that they poured €30 million down the drain....

          Regardless of this failure - as above - if Linux really was cheaper it would be being adopted en masse, whereas in reality it hasn't moved over 2% desktop market share ever.

          1. Anonymous Coward
            Anonymous Coward

            Re: The real joke here is...

            Thanks for that.

            "they are investigating the options of how to reverse course and are costing it up says it all"

            It hopefully says that, like any sensible forward-looking organisation, they are looking at the available options to see which is best fit to their needs, now and in the future.

            There is no hard and fast reason for anyone to believe that one IT solution is necessarily appropriate for every organisation in every set of circumstances now and in the future, although a massive business ecosystem has been built up based on this premise.

            Meanwhile, is there a URL where one can read the full unedited HP/MS report?

            If not, you know where your selective quoting belongs.

            Have a lot of fun.

          2. Richard Plinston

            Re: The real joke here is...@TheVogon/Richto/AC

            The usual TheVogon/Richto/AC lies.

            > Estimated by HP at about €30 million.

            The HP report was funded by Microsoft and made no reference at all to what Munich actually spent, they just made it up. For example they included costs for replacing computers frequently while, in fact, Munich reused their computers that were running NT. It also ignored the costs of retraining from NT to XP to Vista to Windows 7, and from Office 1997 to 2003, 2007, 2010, ... The report is a complete work of fiction.

            > And that's without the cost of the millions IBM spent on the project to develop and maintain LiMux

            IBM may well have spent many millions developing Linux OS (for example for their mainframes) and their applications for Linux (eg Websphere) but that was supporting their sales of billions and was nothing to do with Munich.

            > The Munich quoted cost 'savings' only refer to licensing costs which of course is only a tiny part of the picture.

            Exactly, there were many more savings.

            > The fact that they are investigating the options of how to reverse course and are costing it up says it all

            There is ONE new deputy mayor that wants to reverse course.

            > if Linux really was cheaper it would be being adopted en masse, whereas in reality it hasn't moved over 2% desktop market share ever.

            There are now more Linux based personal computing devices than all others combined.

      2. Anonymous Coward
        Anonymous Coward

        Re: The real joke here is...

        The reason that Microsoft have an OS footprint is the same reason VHS beat Betamax, namely marketing, general ignorance, BS and paying off people behind the scenes.

        If only DR had sued Microsoft for CMP86 infringement right at the start then we wouldn't be in this mess

  17. @orcaconfig

    6 second video demo to fix pings-of-death problem

    @orcaconfig created a quick fix 6 second video demo to solve the IIS pings of death problem :) . Not allowed to link to it here but hope it opens the door to a fix when you find it on the site-- resources/articles section.
