RE: FW: NIPC Daily Report, 19 July 2001

From: Kris Quinby (kquinby@private)
Date: Fri Jul 20 2001 - 09:12:53 PDT

  • Next message: Zot O'Connor: "[Fwd: [PLUG] Dmitry Sklyarov Protest July 23rd]"

     Last night out of curiousity I checked the logs from one of our Unix based
    web servers and found 25 attempts.  This server is in a small farm and is
    only one of the sites we run.  Fortunatley the only NT server we have does
    is not vulnerable to this particular attack.
    
    Kris
    
    -----Original Message-----
    From: Crispin Cowan
    To: George Heuston
    Cc: 'crime@private'
    Sent: 7/19/01 6:14 PM
    Subject: Re: FW: NIPC Daily Report, 19 July 2001
    
    George Heuston wrote:
    
    > -----Original Message-----
    > From: NIPC Watch
    > Sent: 7/19/01 10:35 AM
    > Subject: NIPC Daily Report, 19 July 2001
    >
    > Significant Changes and Assessment  - No Significant Changes.
    
    I see that NIPC is really on top of things :-(
    
    Multiple news sources are reporting that the Code Red worm has a
    wide-spread infection rate, having infected somewhere between 15,000 and
    200,000 Microsoft IIS servers.  This worm is programmed such that all
    infected machines will commence pounding whitehouse.gov on July 20th.
    With
    the amount of data this worm is programmed to send, and the number of
    machines it has infected, this will likely not only take out
    whitehouse.gov, but also cause significant congestion problems
    elsewhere.
    
    Secondary note: the Code Red attack accidentally crashes Cisco 675 and
    678
    routers, i.e. the common DSL modems that Qwest distributes.
    
    Independent confirmation:  wirex.com's web logs show 30 attempted Code
    Red
    attacks, and our Cisco locked up this morning.
    
    Batten down the hatches.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:23:54 PDT