North American Network Operators Group

Re: CodeRedII worm..

  • From: Larry Sheldon
  • Date: Sun Aug 05 11:20:10 2001

> > worm creates a known backdoor.  I'm certain that both the CodeRedII author
> > and other black hats would love for us to compile a list of afflicted hosts
> > for them to use.
> They have a few 'friendly' webservers collecting addresses
> just like we do. Everyone on the 'net with a sniffer or web log now
> has such a list. It's a good thought though. 

If we are pretty sure that is the case, how about posting a list somewhere
for the good guys to see--or somebody send email to the ARIN-listed
contact for the IP addresses detected.

I'm trying to build a detector here, but it is hard, given the resources
I can bring to bear.  Mostly me, which means we are in really bad
shape, resource-wise.