|
Symptom(s):
Intel® PRO/Wireless 2011 LAN Access Points are at risk of being affected by the malicious piece of code named "Code Red" worm. The worm takes advantage of a security hole in Microsoft Internet Information Server* (IIS). Consequently, the worm can also generate large amounts of traffic that can overload network devices with built-in web servers - including routers, switches and wireless LAN access points. As a result, this can then cause a buffer overflow condition and slow or hang the Intel® PRO/Wireless 2011 LAN Access Point.
Cause:
The Code Red worm looks for devices with port 80 open. The Access Points (APs) use port 80 for accessing its built-in web server user interface. Once the worm detects a device with port 80 open, it sends large amounts of long data strings to the device, which in turn can cause buffer overflows causing the access point to slow down or completely hang. There is no permanent damage to the AP. Resetting the AP will restore operation until the worm once again detects the device.
Solution:
- Temporarily disable the web server user interface in the Access Point (AP) and use the Telnet or console interface until the Code Red worm is eradicated from your network.
1. Access the AP via Telnet or the console port.
2. Disable the Web Interface in the System Configuration screen.
- Install Microsoft's patch* to your IIS servers and desktop systems to minimize the spread of the worm.
- Update your ant-virus software and run it on all of your systems to remove the worm.
Operating System:
| Windows 2000*, Windows NT 4.0*, Windows NT Terminal Server*, Windows 2000 Server*, Windows 2000 Advanced Server* |
This applies to:
| 
