Bugtraq mailing list archives
Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm.
From: Tony Langdon <tlangdon () atctraining com au>
Date: Fri, 20 Jul 2001 11:13:07 +1000
An update. It's now 0100z on July 20. As predicted, the attack rate of the Code Red worm has fallen to practically zero (and someone's even slipped in a couple of portscan and named probes for something different...), and suspicious traffic has fallen to pre-Code Red levels. The droppoff was sudden and coincident with the rolling over of the UTC date. Microsoft patches here prevented any local infestation, and I have filtering rules to prevent the spread of the worm from here, just to be safe. Somehow, I think things aren't so good at the White House, right now. Tony Langdon. Systems Development and Support. ATC Training Australasia. Level 2 321 Exhibition St Melbourne 3000. Phone: 1300 13 1983 WWW: http://www.atctraining.com.au
-----Original Message----- From: Vern Paxson [mailto:vern () ee lbl gov] Sent: Friday, 20 July 2001 9:50 To: Joe Harris Cc: BUGTRAQ Subject: Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm.So far today, it's been 1.17 million different remote hosts.Damn, serious methodology error in crunching that. The correct figure is (I now believe :-) 293,000. Vern
Current thread:
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- <Possible follow-ups>
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Nick FitzGerald (Jul 19)
- Oracle Vulnerability Discovered in OID Aaron C. Newman (Jul 20)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Jerome Alet (Jul 20)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Nick FitzGerald (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Tony Langdon (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 20)