Security Incidents mailing list archives
Re: Code Red
From: Conor McGrath <conormc () uchicago edu>
Date: Wed, 1 Aug 2001 07:07:22 -0500
Alfred Huger once said:
To follow up from my post earlier to the list, I received a deluge of replies. If nothing else, this worm is costing people money in overtime because the number of replies I got was a tad overwhelming. To be brief, nothing much is happening. I am not going to caveat that with 'yet' because I am hoping that both this does not turn into a serious event and that I do not have to eat crow for breakfast tomorrow when I haul myself out of bed. Of course, if our doomsayers are right and we are all in for digital Armageddon I may not be able to read my mail, which might save my pride, for a while at least. Out of the responses I have seen to date and they cover very large tracts of the net (two class A responders and at least 5 or 6 class B's) no one is seeing anything worth deep discussion. Hopefully this will not change.
At 12 hours past Armageddon we are seeing four to five probes per minute now on our class B. Not one machine on our network has probed outward, however. We'll try to get lists of scanning hosts to the appropriate places this morning.

-Conor

--
Conor McGrath                Phone: (773)702-7611
Network Security Officer     Fax: (773)702-0559
Network Security Center, The University of Chicago
PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com