Security Incidents mailing list archives

Re: CodeRedII attempts from Cable/DSL/dial-ups

From: Guilherme Mesquita <guy () linuxbr com br>
Date: Mon, 6 Aug 2001 16:25:04 -0300

Well if you are that curious to see if other versions of windows can be affected by code red, you can check yourself 
doing a nmap -O -sS -p 80 <host>; then you will see that it is really a Windows NT/2k and not a Win9x... I am sure 
about that :) No, no more mutations at this time...

-- mips

On Sun, 5 Aug 2001 23:19:59 -0700
"Ben N. Venzke" <bvenzke () tempestco com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If CodeRedII can only infect Windows 2000 boxes running IIS, why all 
of the CodeRedII infection attempts from what appear to be DSL, cable 
modem and dial-up boxes?

I could see running a small server on a DSL line but are there really 
that many people running IIS on a 56k dial-up.

A related FYI, an SDSL line from Covad/Earthlink will sometimes show 
up in server logs as what appears to be a dial-up address when it's 
resolved (i.e. user-XXXXXXX.dialup.mindspring.com rather than 
user-XXXXXXX.dsl.mindspring.com).


                      - Ben Venzke


- -- 

______________________
IntelCenter
Voice (703) 370-2962
Fax (703) 370-1571
Email - information () intelcenter com
Web - http://www.intelcenter.com
PGP Public Key - available upon request

PO Box 22572
Alexandria, VA 22304-9257
USA

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQA/AwUBO243G/76H8QHdGcYEQJ93QCbBB8dOzsgLLh5cLIfktgZaXhTIM4AoJxC
sf23MqArEvbBX7PkzfupCHwI
=wQnZ
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

CodeRedII attempts from Cable/DSL/dial-ups Ben N. Venzke (Aug 05)
- RE: CodeRedII attempts from Cable/DSL/dial-ups Thomas Frerichs (Aug 06)
  - Re: PWS was: CodeRedII attempts from Cable/DSL/dial-ups Gary Flynn (Aug 06)
  - RE: CodeRedII attempts from Cable/DSL/dial-ups Derek Kwan (Aug 06)
- RE: CodeRedII attempts from Cable/DSL/dial-ups Srdjan Nikolic (Aug 06)
- Re: CodeRedII attempts from Cable/DSL/dial-ups Guilherme Mesquita (Aug 07)