North American Network Operators Group

Re: Code Red on dial-in ppp
I'm not sure I see why a POTS PPP link, or some other slow(er) on-demand link might stop CodeRed. The first-pass payload is under 4096 bytes including framing, not exactly something you need a lot of low-latency bandwidth to push through. :-/

-J

On Sat, 21 Jul 2001, Mitch Halmu wrote:

>
> You may have received the following from [email protected]
>
> This mail is from the ARIS Analyzer Service (Attack Registry and
> Intelligence Service) from SecurityFocus. It has come to our attention
> that your system(s), listed below have been identified as being
> compromised by the Code Red Worm. The Code Red Worm is rapidly
> spreading across the Internet, compromising vulnerable Windows NT IIS
> servers.
>
> The addresses identified as belonging to you are as follows:
>
> [ dynamic dial-in ip ]
> [ dynamic dial-in ip ]
>
> [snip]
>
> This makes me think that the worm is capable of infecting not only
> dedicated web servers, but also dial-in customers running ppp that
> happen to be online when the attack occurs. NetSide is an all Sun
> sparc shop and we don't have any Windows based machines, but I can see
> this worm being alive and spreading for a long time if dial-in users
> are affected.
>
> Unfortunately, they don't provide a date and time stamp, so
> identifying the actual user is not possible. I can provide web server
> log extracts to whomever collects/analyzes such information (John O.,
> sorry but you're bouncing my email - get rid of MAPS).
>
> --Mitch
> NetSide

Jason A. Mills
[email protected]
----------------------------------------------
"La morale est la faiblesse de la cervelle."
Arthur Rimbaud --- Une Saison en Enfer