nanog mailing list archives

Re: Worm probes

From: Hermann Wecke <hermann () rodeios com>
Date: Tue, 18 Sep 2001 12:17:06 -0400 (EDT)


Yes, I saw...

I just contact our local NIC security guys and they told me that there are
two new worms. One is exploiting the backdoors left by codered 2, and
another worm is (possible) a "codered 3", which is defacing the web pages
with anti-chinese and anti-poisonbox messages...

Today is the day... :-((((

On Tue, 18 Sep 2001 sigma () pair com wrote:

Has anyone else been seeing a dramatic increase in /scripts/.. NT worm
probes this morning?  We're seeing about 8000/second, starting around 9:15
Eastern time, to and from a wide variety of addresses.

Is CodeRed or one of its relatives scheduled to start sweeping again today?
We've never seen this level of traffic related to the NT worms.  Even
though we don't run any NT at all, we still have to suffer :(

Kevin

Current thread:

Re: Worm probes, (continued)
- - - Re: Worm probes Bill Larson (Sep 18)
    - Re: Worm probes Christopher X. Candreva (Sep 18)
    - Re: Worm probes Bill Larson (Sep 18)
    - Re: Worm probes sigma (Sep 18)
    - Re: Worm probes Valdis . Kletnieks (Sep 18)
    - RE: Worm probes Eric Germann (Sep 18)
    - Re: Worm probes Ulf Zimmermann (Sep 18)
    - Re: Worm probes k claffy (Sep 18)
    - Re: Worm probes Joe Abley (Sep 18)
- Re: Worm probes Daniel Senie (Sep 18)
- Re: Worm probes Hermann Wecke (Sep 18)
- Re: Worm probes Joseph McDonald (Sep 18)
  - Re: Worm probes Daniel Senie (Sep 18)
  - Re: Worm probes Iljitsch van Beijnum (Sep 18)
    - Re: Worm probes M. David Leonard (Sep 19)
    - Re: Worm probes Brett Frankenberger (Sep 19)
  - Re: Worm probes z (Sep 18)
  - Re[2]: Worm probes David Ulevitch (Sep 18)
    - Re: Re[2]: Worm probes Nick Thompson (Sep 18)
    - Re: Re[2]: Worm probes Rafi Sadowsky (Sep 18)
  - Re: Worm probes Jeff Gehlbach (Sep 18)

(Thread continues...)