RE: CodeRedII attempts from Cable/DSL/dial-ups

["Thomas Frerichs" <tfrerich () shiboleth net>]

It also infects Personal Web Server on Win 2K professional. I know.

Tom Frerichs
(FDISK is your friend)

-----Original Message-----
From: Ben N. Venzke [mailto:bvenzke () tempestco com]
Sent: Monday, August 06, 2001 12:20 AM
To: incidents () securityfocus com
Subject: CodeRedII attempts from Cable/DSL/dial-ups


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If CodeRedII can only infect Windows 2000 boxes running IIS, why all
of the CodeRedII infection attempts from what appear to be DSL, cable
modem and dial-up boxes?

I could see running a small server on a DSL line but are there really
that many people running IIS on a 56k dial-up.

A related FYI, an SDSL line from Covad/Earthlink will sometimes show
up in server logs as what appears to be a dial-up address when it's
resolved (i.e. user-XXXXXXX.dialup.mindspring.com rather than
user-XXXXXXX.dsl.mindspring.com).


                        - Ben Venzke


- --

______________________
IntelCenter
Voice (703) 370-2962
Fax (703) 370-1571
Email - information () intelcenter com
Web - http://www.intelcenter.com
PGP Public Key - available upon request

PO Box 22572
Alexandria, VA 22304-9257
USA

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQA/AwUBO243G/76H8QHdGcYEQJ93QCbBB8dOzsgLLh5cLIfktgZaXhTIM4AoJxC
sf23MqArEvbBX7PkzfupCHwI
=wQnZ
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com