Security Incidents mailing list archives

RE: CodeRedII attempts from Cable/DSL/dial-ups


From: Derek Kwan <dkwan () KWAN ca>
Date: Mon, 6 Aug 2001 11:54:26 -0400 (EDT)


Ah... I was wondering..

1) If CodeRed will attack W2K Professional, and now I know.

2) I am getting lots of hits from @Home network (24.x.x.x) and was (sorta)
wondering.... Now I think maybe some @Home users are running W2K
Professional and didn't even know there is a Personal Web Server running.

Thx!

 \|/ _____ \|/    ***************************************************
 "@'/ , . \`@"    This e-mail is sent with 100% recyclable electrons.
 /_| \___/ |__\   ***************************************************
    \___U_/       Derek () KWAN ca


On Sun, 5 Aug 2001, Thomas Frerichs wrote:

It also infects Personal Web Server on Win 2K professional. I know.

Tom Frerichs
(FDISK is your friend)

-----Original Message-----
From: Ben N. Venzke [mailto:bvenzke () tempestco com]
Sent: Monday, August 06, 2001 12:20 AM
To: incidents () securityfocus com
Subject: CodeRedII attempts from Cable/DSL/dial-ups


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If CodeRedII can only infect Windows 2000 boxes running IIS, why all
of the CodeRedII infection attempts from what appear to be DSL, cable
modem and dial-up boxes?

I could see running a small server on a DSL line, but are there really
that many people running IIS on a 56k dial-up?

A related FYI, an SDSL line from Covad/Earthlink will sometimes show
up in server logs as what appears to be a dial-up address when it's
resolved (i.e. user-XXXXXXX.dialup.mindspring.com rather than
user-XXXXXXX.dsl.mindspring.com).


                      - Ben Venzke


- --

______________________
IntelCenter
Voice (703) 370-2962
Fax (703) 370-1571
Email - information () intelcenter com
Web - http://www.intelcenter.com
PGP Public Key - available upon request

PO Box 22572
Alexandria, VA 22304-9257
USA

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQA/AwUBO243G/76H8QHdGcYEQJ93QCbBB8dOzsgLLh5cLIfktgZaXhTIM4AoJxC
sf23MqArEvbBX7PkzfupCHwI
=wQnZ
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

