Bugtraq mailing list archives
RE: 'Code Red' does not seem to be scanning for IIS
From: Duncan Hill <dhill () pct edu>
Date: Thu, 19 Jul 2001 20:14:47 -0400 (EDT)
On Thu, 19 Jul 2001, Kelly Martin wrote:
thousand hits on our IP block in the past six hours or so with none before that, and that doesn't even count the ones that smacked silently against the firewall (port 80 is only open through the firewall to hosts that actually run public web servers, which is only a tiny fraction of the IPs in the block).
Something I've noticed in our Apache logs - 70% of the hits (maybe 20 so far) are from cable modem and adsl style addresses (according to the dig data). Notably @home and mediaone. I've attempted to mail some places that their server is infected. Of 5 mails sent, 3 bounced as undeliverable to webmaster@domain. One actually routed through two aliases before bouncing! Oh well, the Apache server is immune, the IIS server is patched, but there are no hits in its logs (though there were plenty for the cmd.exe exploit). As a side note, our address block is in the 12.x.x.x range.. perhaps AT&T isn't counted as a good target? -- Sapere aude My mind not only wanders, it sometimes leaves completely.
Current thread:
- 'Code Red' does not seem to be scanning for IIS Mike Brockman (Jul 19)
- RE: 'Code Red' does not seem to be scanning for IIS Marc Maiffret (Jul 19)
- RE: 'Code Red' does not seem to be scanning for IIS Emre Yildirim (Jul 19)
- Re: 'Code Red' does not seem to be scanning for IIS Ethan Butterfield (Jul 19)
- Re: 'Code Red' does not seem to be scanning for IIS daniel uriah clemens (Jul 19)
- Re: 'Code Red' does not seem to be scanning for IIS Ryan Russell (Jul 19)
- <Possible follow-ups>
- RE: 'Code Red' does not seem to be scanning for IIS Kelly Martin (Jul 19)
- Re(2): 'Code Red' does not seem to be scanning for IIS Ken Eichman (Jul 19)
- RE: 'Code Red' does not seem to be scanning for IIS Duncan Hill (Jul 19)
- Re: 'Code Red' does not seem to be scanning for IIS Stephen Cimarelli (Jul 19)
- RE: 'Code Red' does not seem to be scanning for IIS Tony Langdon (Jul 19)
- Re: 'Code Red' does not seem to be scanning for IIS George William Herbert (Jul 20)
- RE: 'Code Red' does not seem to be scanning for IIS Marc Maiffret (Jul 19)