Security Incidents mailing list archives
CodeRedII attempts from Cable/DSL/dial-ups
From: "Ben N. Venzke" <bvenzke () tempestco com>
Date: Sun, 5 Aug 2001 23:19:59 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If CodeRedII can only infect Windows 2000 boxes running IIS, why all
of the CodeRedII infection attempts from what appear to be DSL, cable
modem and dial-up boxes?
I could see running a small server on a DSL line but are there really
that many people running IIS on a 56k dial-up.
A related FYI, an SDSL line from Covad/Earthlink will sometimes show
up in server logs as what appears to be a dial-up address when it's
resolved (i.e. user-XXXXXXX.dialup.mindspring.com rather than
user-XXXXXXX.dsl.mindspring.com).
- Ben Venzke
- --
______________________
IntelCenter
Voice (703) 370-2962
Fax (703) 370-1571
Email - information () intelcenter com
Web - http://www.intelcenter.com
PGP Public Key - available upon request
PO Box 22572
Alexandria, VA 22304-9257
USA
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
iQA/AwUBO243G/76H8QHdGcYEQJ93QCbBB8dOzsgLLh5cLIfktgZaXhTIM4AoJxC
sf23MqArEvbBX7PkzfupCHwI
=wQnZ
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Current thread:
- CodeRedII attempts from Cable/DSL/dial-ups Ben N. Venzke (Aug 05)
- RE: CodeRedII attempts from Cable/DSL/dial-ups Thomas Frerichs (Aug 06)
- Re: PWS was: CodeRedII attempts from Cable/DSL/dial-ups Gary Flynn (Aug 06)
- RE: CodeRedII attempts from Cable/DSL/dial-ups Derek Kwan (Aug 06)
- RE: CodeRedII attempts from Cable/DSL/dial-ups Srdjan Nikolic (Aug 06)
- Re: CodeRedII attempts from Cable/DSL/dial-ups Guilherme Mesquita (Aug 07)
- RE: CodeRedII attempts from Cable/DSL/dial-ups Thomas Frerichs (Aug 06)