Security Incidents mailing list archives
Re: NEW DEVELOPMENT -- Attempts at using CodeRed II systems to perform Denial of Service Attacks and Possible Attacking Tool
From: Ryan Russell <ryan () securityfocus com>
Date: Tue, 7 Aug 2001 19:07:11 -0600 (MDT)
On Tue, 7 Aug 2001, Eyes to the Skies. wrote:
> This looks like an attempt to use a CodeRed II infected system to perform a denial of service attack. I don't think I need to stress the severity of this.
>
> ==> /var/log/apache/access_log <==
> [deleted host] - - [07/Aug/2001:17:19:35 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+ping.exe+"-v"+igmp+"-t"+"-l"+65000+[deleted target ip]+"-n"+7000+"-w"+0" 404 -
Nothing to do with code red, or it would be root.exe, or /c/winnt/system32/cmd.exe. That one is (I believe):

http://www.securityfocus.com/bid/2708

Note that it is only about a month older than the hole Code Red uses, so the number of hosts that were vulnerable to this hole before Code Red (which drove everyone to install all the patches, right? Sure.) is probably just slightly less than the number vulnerable to Code Red.

Ryan

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
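The distinction drawn in the reply above, between requests for root.exe or /c/winnt/system32/cmd.exe and an encoded `..%c1%9c..` traversal to cmd.exe, can be applied to an access log mechanically. The Python below is an added example, not part of the original message; the function names, labels and sample log lines (192.0.2.x documentation addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Common-log-format prefix: host, ident, user, [timestamp], "METHOD target
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)')
# "..", one or more %XX escapes standing in for a path separator, then ".."
ENCODED_TRAVERSAL = re.compile(r'\.\.(?:%[0-9a-f]{2})+\.\.')
# The two request forms the reply attributes to Code Red II
BACKDOOR = re.compile(r'(?:^|/)root\.exe$|^/c/winnt/system32/cmd\.exe$')

def classify(line):
    """Return (host, label) for one access-log line, or None if unparsable."""
    m = REQUEST.match(line)
    if not m:
        return None
    host, _method, target = m.groups()
    # Drop the query string and a closing quote left by requests with no HTTP version
    path = target.rstrip('"').split('?', 1)[0].lower()
    if BACKDOOR.search(path):
        return host, 'codered2-backdoor'
    if ENCODED_TRAVERSAL.search(path) and path.endswith('/cmd.exe'):
        return host, 'encoded-traversal'
    return host, 'other'

def hosts_by_label(lines):
    """Group source hosts by label so each class can be triaged separately."""
    groups = defaultdict(set)
    for line in lines:
        result = classify(line)
        if result:
            groups[result[1]].add(result[0])
    return {label: sorted(hosts) for label, hosts in groups.items()}

# Constructed sample lines, not taken from the thread
SAMPLE = [
    '192.0.2.10 - - [07/Aug/2001:17:19:35 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir" 404 -',
    '192.0.2.11 - - [07/Aug/2001:17:20:02 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 -',
    '192.0.2.12 - - [07/Aug/2001:17:20:03 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -',
    '192.0.2.13 - - [07/Aug/2001:17:21:40 -0400] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == '__main__':
    for label, hosts in hosts_by_label(SAMPLE).items():
        print(label, hosts)
```

The traversal pattern is deliberately narrow: it matches only the `..%XX..` form shown in the quoted log line, so other encodings of the separator would need their own pattern.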