Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm.

[Tony Langdon <tlangdon () atctraining com au>]

An update.  It's now 0100z on July 20.  As predicted, the attack rate of the
Code Red worm has fallen to practically zero (and someone's even slipped in
a couple of portscan and named probes for something different...), and
suspicious traffic has fallen to pre-Code Red levels.  The droppoff was
sudden and coincident with the rolling over of the UTC date.

Microsoft patches here prevented any local infestation, and I have filtering
rules to prevent the spread of the worm from here, just to be safe.

Somehow, I think things aren't so good at the White House, right now.

Tony Langdon. 
Systems Development and Support. 
ATC Training Australasia.  Level 2 321 Exhibition St Melbourne  3000. 
Phone:  1300 13 1983     WWW:  http://www.atctraining.com.au 



> -----Original Message-----
> From: Vern Paxson [mailto:vern () ee lbl gov]
> Sent: Friday, 20 July 2001 9:50
> To: Joe Harris
> Cc: BUGTRAQ
> Subject: Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm.
>
>
> > So far today, it's been 1.17 million different remote hosts.
>
> Damn, serious methodology error in crunching that.  The correct
> figure is (I now believe :-) 293,000.
>
>               Vern