An update. It's now 0100z on July 20. As predicted, the attack rate of the Code Red worm has fallen to practically zero (and someone's even slipped in a couple of portscan and named probes for something different...), and suspicious traffic has fallen to pre-Code Red levels. The droppoff was sudden and coincident with the rolling over of the UTC date. Microsoft patches here prevented any local infestation, and I have filtering rules to prevent the spread of the worm from here, just to be safe. Somehow, I think things aren't so good at the White House, right now. Tony Langdon. Systems Development and Support. ATC Training Australasia. Level 2 321 Exhibition St Melbourne 3000. Phone: 1300 13 1983 WWW: http://www.atctraining.com.au > -----Original Message----- > From: Vern Paxson [mailto:vernat_private] > Sent: Friday, 20 July 2001 9:50 > To: Joe Harris > Cc: BUGTRAQ > Subject: Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. > > > > So far today, it's been 1.17 million different remote hosts. > > Damn, serious methodology error in crunching that. The correct > figure is (I now believe :-) 293,000. > > Vern >
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 21:48:33 PDT