On Thu, 19 Jul 2001, Mike Brockman wrote: > >From what i read about the 'Code Red'-worm, it was supposed to be scanning > for IIS-servers. It obviously is'nt, i believe it tries to infect > everything they find on port 80, or something as simple as that. > Run nc -l -p 80 > worm, and you'll get a copy. It's not scanning in any sense, it just tries a connect, and sends the string. Ryan
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 17:56:31 PDT