nanog mailing list archives

Re: Code Red 2 cleanup; reporting..

From: mike harrison <meuon () highertech net>
Date: Fri, 10 Aug 2001 00:09:44 -0400 (EDT)

FWIW, I just tried to telnet to the 20 most recent hosts I got Code Red II 
probes from, and didn't get a shell prompt on any of them. Are people 
cleaning up their boxes that quickly?


I have been told, but not personally conformed confirmed of non IIS
machines being infected with CodeRed (I or II not known, assume II).
Infection method: running an file from somewhere? They still scan out
and seek victims, just no webserver running.

Current thread:

Code Red 2 cleanup; reporting.. z (Aug 08)
- RE: Code Red 2 cleanup; reporting.. Mathias Körber (Aug 08)
  - RE: Code Red 2 cleanup; reporting.. z (Aug 08)
    - Re: Code Red 2 cleanup; reporting.. Andrew McNamara (Aug 09)
    - Re: Code Red 2 cleanup; reporting.. Ryan Tucker (Aug 09)
  - Re: Code Red 2 cleanup; reporting.. Christopher A. Woodfield (Aug 09)
    - Re: Code Red 2 cleanup; reporting.. mike harrison (Aug 09)
    - Re: Code Red 2 cleanup; reporting.. Etaoin Shrdlu (Aug 09)
    - Re: Code Red 2 cleanup; reporting.. mike harrison (Aug 09)
    - Was: Code Red 2 cleanup -- SHOULD NSPs PULL THE PLUG? Solutions? z (Aug 10)
    - Re: Code Red 2 cleanup; reporting.. Mike Lewinski (Aug 09)
    - Re: Code Red 2 cleanup; reporting.. Larry Diffey (Aug 09)
- <Possible follow-ups>
- Re: Code Red 2 cleanup; reporting.. Steven M. Bellovin (Aug 10)
  - Re: Code Red 2 cleanup; reporting.. mike harrison (Aug 11)
    - Re: Code Red 2 cleanup; reporting.. David Lesher (Aug 12)
- Re: Code Red 2 cleanup; reporting.. Steven M. Bellovin (Aug 10)
  - Re: Code Red 2 cleanup; reporting.. Etaoin Shrdlu (Aug 10)

(Thread continues...)