nanog mailing list archives
Re: Code Red variants
From: Jeff Ogden <jogden () merit edu>
Date: Sat, 4 Aug 2001 22:48:09 -0400
Do we know if anyone has looked at the code for variants of the worn in detail recently? I've seen announcements about new versions with better random IP address generation. Does anyone know if other aspects of the worm are the same? Is it still set to spread itself until the 19th and then switch to attacking the IP address that was once www1.whitehouse.gov or are their variants with different dates and different IP address or attack scenarios?
-Jeff At 4:57 PM -0700 8/4/01, Lou Katz wrote:
I'm seeing about 2:1 "XXXXXXXXXXXX" vs "NNNNNNNNNNNN" entries in today's logs. Also, I have over a factor of 20 more entries in Aug than in July. -- -=[L]=-
Current thread:
- Code Red variants Lou Katz (Aug 04)
- Re: Code Red variants Jeff Ogden (Aug 04)
- Code Red II measl (Aug 04)
- Re: Code Red II Stephen J. Wilcox (Aug 05)
- Re: Code Red variants Andrew Barros (Aug 04)
- Re: Code Red variants mike harrison (Aug 05)
- Code Red II measl (Aug 04)
- <Possible follow-ups>
- Fwd: Re: Code Red variants Jeff Ogden (Aug 05)
- Re: Fwd: Re: Code Red variants Marius Strom (Aug 05)
- Re: Fwd: Re: Code Red variants Larry Rosenman (Aug 05)
- Re: Fwd: Re: Code Red variants Marius Strom (Aug 05)
- Re: Code Red variants Jeff Ogden (Aug 04)