nanog mailing list archives
Re: CodeRedII worm..
From: Larry Sheldon <lsheldon () creighton edu>
Date: Sun, 05 Aug 2001 10:15:20 CDT
worm creates a known backdoor. I'm certain that both the CodeRedII author and other black hats would love for us to compile a list of afflicted hosts for them to use.They have a few 'friendly' webservers collecting addresses just like we do. Everyone on the 'net with a sniffer or web log now has such a list. It's a good thought though.
If we are pretty sure that is the case, how about posting a list somewhere for the good guys to see--or somebody send email to the ARIN-listed contact for the IP addresses detected. I'm trying to build a detector here, but it is hard, given the resources I can bring to bear. Mostly me, which means we are in really bad shape, resource-wise.
Current thread:
- CodeRedII worm.. Valdis . Kletnieks (Aug 05)
- Re: CodeRedII worm.. mike harrison (Aug 05)
- <Possible follow-ups>
- Re: CodeRedII worm.. Larry Sheldon (Aug 05)
- Re: CodeRedII worm.. Daniel Senie (Aug 05)
- Does Code Red infect Windows NT? Jeff Ogden (Aug 06)
- Re: Does Code Red infect Windows NT? John M Pedro (Aug 06)
- Re: CodeRedII worm.. Daniel Senie (Aug 05)