Security Incidents mailing list archives

Re: Code Red, anyone?

From: Ryan Russell <ryan () securityfocus com>
Date: Wed, 1 Aug 2001 09:46:18 -0600 (MDT)

2001-08-01 15:03:54, 2002500, Suspicious URL, 210.63.234.152, ,
v.v.v.v, , , 1,

Strange, BlackICE Defender doesn't log timezone explicitly, I guess.  I'm
PDT, and this was 8:03 A.M., so the log entry must be UTC.

My first Code Red this week, on my home machine this morning.  I captured
it, it's standard CRv2.

As a side note, I had an e-mail from ISS last night that said they've got
a new set of sigs for Real Secure, including the .ida overflow.  I imagine
most ISS admins get the same mail, but just in case...

                                                Ryan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Code Red, anyone? Alfred Huger (Jul 31)
- Code Red, anyone? Russell Fulton (Jul 31)
- Re: Code Red, anyone? Glenn Forbes Fleming Larratt (Jul 31)
  - Re: Code Red, anyone? Michael Sullenszino (Aug 01)
- Re: Code Red, anyone? S. Staniford (Jul 31)
- Re: Code Red, anyone? Joseph Nicholas Yarbrough (Aug 01)
- Re: Code Red, anyone? thomas lakofski (Aug 01)
- RE: Code Red, anyone? Coen Bongers (Aug 01)
- Re: Code Red, anyone? Ryan Russell (Aug 01)
  - Re: Code Red, anyone? Kman (Aug 01)
- <Possible follow-ups>
- Re: Code Red, anyone? Ken Eichman (Aug 01)
  - unsubscribe me please Christophe Bernigaud (Aug 01)
- RE: Code Red, anyone? Information Security (Aug 01)
  - RE: Code Red, anyone? Chip McClure (Aug 01)
- RE: Code Red, anyone? Jürgen Nieveler (Aug 01)
  - Re: Code Red, anyone? Seth Arnold (Aug 01)
- Re: Code Red, anyone? Pat Wilson (Aug 01)
  - Re: Code Red, anyone? jan (Aug 01)
  - Re: Code Red, anyone? Pluto (Aug 01)

(Thread continues...)