North American Network Operators Group

Re: Code Red 2 cleanup; reporting..

  • From: Steven M. Bellovin
  • Date: Fri Aug 10 03:32:47 2001

In message <[email protected]>, mike harrison writes:
>> Spent nearly two days convincing someone who was managing a server that he
>> was beating up machines all over the company. It finally took someone at
>Tonight, 20 minutes after opening up port 80
>on a firewall to a server supposedly only running
>the latest CITRIX on Port 80 (why 80? Don't ask me?)
>and the high paid out of town consultants swearing they
>had applied the appropriate patches and were safe, 
>they are now broadcasting out the latest CodeRed style worm.
>I got some nice sniffit captures from my Linux firewall
>though.. this morning will be interesting. I wonder
>how they like their crow served.
I've seen a report that the patch is not fully effective -- see
That was on last night, but it's gone this morning, so 
maybe that claim isn't accurate.

		--Steve Bellovin,