Security Incidents mailing list archives
R: Code Red Doesn't care about TCP sessions?
From: "Giovanni Bobbio" <giovanni () netvalley it>
Date: Fri, 10 Aug 2001 17:24:25 +0200
My IDS recorded tens of thousands of Code Red attacks to 103 servers within my class C. All of them are web servers. Zero alerts towards something that doesn't respond to port 80. This doesn't prove anything, but I would look harder. Giovanni Mark Wiater wrote:
Thanks for confirming this Vern, I thought I was going nuts. (And lot's of folks have told me privately, in response to this note, that I have). I've too spent a fair amount of time trying to find a legitimate reason for this behaviour but can't. There is no NAT in play here.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Code Red Doesn't care about TCP sessions? Mark Wiater (Aug 09)
- Re: Code Red Doesn't care about TCP sessions? rottz (Aug 10)
- <Possible follow-ups>
- Re: Code Red Doesn't care about TCP sessions? Vern Paxson (Aug 10)
- Re: Code Red Doesn't care about TCP sessions? Mark Wiater (Aug 10)
- R: Code Red Doesn't care about TCP sessions? Giovanni Bobbio (Aug 10)
- Re: Code Red Doesn't care about TCP sessions? Mark Wiater (Aug 10)
- RE: Code Red Doesn't care about TCP sessions? David LeBlanc (Aug 10)