Bugtraq mailing list archives
Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm.
From: Vern Paxson <vern () ee lbl gov>
Date: Thu, 19 Jul 2001 22:32:22 PDT
No -- it is "constrained" because it has reached the *UTC date* (not time as initially reported) when it is programmed to switch from "spread like crazy" mode to "DoS one of the IPs that was part of www.whitehouse.gov" mode. In about ten days it will flick back to the "spread like crazy" mode.
I've got to wonder about this - I've been tracing whitehouse.gov (both old and new addresses) at several locations, and I'm not seeing much traffic to it. Vern
Current thread:
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- <Possible follow-ups>
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Nick FitzGerald (Jul 19)
- Oracle Vulnerability Discovered in OID Aaron C. Newman (Jul 20)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Jerome Alet (Jul 20)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Nick FitzGerald (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Tony Langdon (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 20)