nanog mailing list archives
Re: Code Red on dial-in ppp
From: "Jason A. Mills" <phyxis () rottweiler org>
Date: Sat, 21 Jul 2001 09:28:08 -0700 (PDT)
I'm not sure I see why a POTS PPP link, or some other slow(er) on demand link might stop CodeRed. The first-pass payload is under 4096 bytes including framing, not exactly something you need a lot of low-latency bandwidth to push through. :-/ -J On Sat, 21 Jul 2001, Mitch Halmu wrote:
You may have received the following from codered () securityfocus com This mail is from the ARIS Analyzer Service (Attack Registry and Intelligence Service) from SecurityFocus. It has come to our attention that your system(s), listed below have been identified as being compromised by the Code Red Worm. The Code Red Worm is rapidly spreading across the Internet, compromising vulnerable Windows NT IIS servers. The addresses identified as belonging to you are as follows: [ dynamic dial-in ip ] [ dynamic dial-in ip ] [snip] This makes me think that the worm is capable to infect not only dedicated web servers, but also dial-in customers running ppp that happen to be online when the attack occurs. NetSide is an all Sun sparc shop and we don't have any Windows based machines, but I can see this worm being alive and spreading for a long time if dial-in users are affected. Unfortunately, they don't provide a date and time stamp, so identifying the actual user is not possible. I can provide web server log extracts to whomever collects/analyzes such information (John O., sorry but you're bouncing my email - get rid of MAPS). --Mitch NetSide
Jason A. Mills phyxis () rottweiler org ---------------------------------------------- "La morale est la faiblesse de la cervelle." Arthur Rimbaud --- Une Saison en Enfer
Current thread:
- Code Red on dial-in ppp Mitch Halmu (Jul 21)
- Re: Code Red on dial-in ppp Jason A. Mills (Jul 21)
- Re: Code Red on dial-in ppp Mitch Halmu (Jul 21)
- Re: Code Red on dial-in ppp up (Jul 21)
- Re: Code Red on dial-in ppp Damon M. Conway (Jul 21)
- Re: Code Red on dial-in ppp Chris Adams (Jul 21)
- Re: Code Red on dial-in ppp John Kristoff (Jul 21)
- Re: Code Red on dial-in ppp Keith Woodworth (Jul 21)
- Re: Code Red on dial-in ppp Mitch Halmu (Jul 21)
- Code Red seemingly on firewall (Re: Code Red on dial-in ppp) E.B. Dreger (Jul 21)
- Re: Code Red on dial-in ppp Jason A. Mills (Jul 21)