North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: CodeRedII worm..
> > worm creates a known backdoor. I'm certain that both the CodeRedII author > > and other black hats would love for us to compile a list of afflicted hosts > > for them to use. > > They have a few 'friendly' webservers collecting addresses > just like we do. Everyone on the 'net with a sniffer or web log now > has such a list. It's a good thought though. If we are pretty sure that is the case, how about posting a list somewhere for the good guys to see--or somebody send email to the ARIN-listed contact for the IP addresses detected. I'm trying to build a detector here, but it is hard, given the resources I can bring to bear. Mostly me, which means we are in really bad shape, resource-wise.