North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Code Red
Title: RE: Code Red Only thing I have seen as far as attempts to attack a web server is the following from an apache server:
I'm still not sure what this exploit does, other than return a strange error page, not a 404 on an MS IIS system, but more like a "failed SQL query" page on the ones I've tested. I've not had enough time to further this exploit. As for the payload of these items, some of the systems that attempted this seemed to be unpatched for the exploit regarding getting a root shell. Of the ones I had been able to see the exploit on, there was an exe in the scripts directory called root.exe, which turns out to be a copy of cmd.exe. In short, I would assume that if the boxes in question had that exploit any number of payloads(timebombs) could have been deployed. I just figure I'll put up a page called Default.ida on Apache server, some ads and start charging for the hits.. Just my 2�s
-----Original Message-----
At 11:12 PM 7/19/2001, [email protected] wrote:
Web servers that were hit beginning this morning at 11:26:41 EDT have not
I'm wondering if this because it was coming up on 00:00:00 GMT 20-July-2001. According to the PC-Cillin write up, the 100-thread scan only takes place
Does anybody really know yet what payloads this thing is carrying?
|