North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red 2 cleanup; reporting..

  • From: Christopher A. Woodfield
  • Date: Thu Aug 09 13:36:36 2001

FWIW, I just tried to telnet to the 20 most recent hosts I got Code Red II 
probes from, and didn't get a shell prompt on any of them. Are people 
cleaning up their boxes that quickly?


On Thu, Aug 09, 2001 at 02:19:19PM +0800, Mathias K?rber wrote:
> >    Is there an effort abound that would allow for lists of verified 'Code
> > Red 2' infected hosts to be reported for cleanup/mitigation?    
> > By known 'Code
> > Red 2' infected hosts, I mean that root.exe has been found to exist on the
> > host.
> > 
> >   Finding the contact information for a lot of these is proving difficult
> > being that a fair amount of the infected machines are Joe Blow broadband
> > customers.
> Publishing such lists is IMHO not a good idea, as these hosts are vulnerable and
> publishing their addresses would only serve to let more crackers know where to
> go..

Christopher A. Woodfield		[email protected]

PGP Public Key: