Re: Code Red

[Conor McGrath <conormc () uchicago edu>]

Alfred Huger once said:
> To follow up from my post earlier to the list, I recieved a deluge of
> replies. If nothing else, this worm is costing people money in overtime
> because the number of replies I got was a tad overwhelming.
>
> To be brief, nothing much is happening. I am not going to caveat that with
> 'yet' because I am hoping that both this does not turn into a serious
> event and that I do not have to eat crow for breakfast tommorow when I
> haul myself out of bed. Of course, if our doomsayers are right and we are
> all in for digital armegedon I may not be able to read my mail, which
> might save my pride, for a while at least. Out of the responses I have
> seen to date and they cover very large tracts of the net (two class A
> responders and at least 5 or 6 class B's) no one is seeing anything worth
> deep discussion. Hopefully this will not change.

At 12 hours past Armageddon we are seeing four to five probes per minute
now on our class B.  Not one machine on our network has probed outward,
however.  We'll try to get lists of scanning hosts to the appropriate
places this morning.

-Conor

-- 
Conor McGrath                                           Phone: (773)702-7611
Network Security Officer                                Fax:   (773)702-0559
Network Security Center, The University of Chicago
PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com