Last night out of curiousity I checked the logs from one of our Unix based web servers and found 25 attempts. This server is in a small farm and is only one of the sites we run. Fortunatley the only NT server we have does is not vulnerable to this particular attack. Kris -----Original Message----- From: Crispin Cowan To: George Heuston Cc: 'crime@private' Sent: 7/19/01 6:14 PM Subject: Re: FW: NIPC Daily Report, 19 July 2001 George Heuston wrote: > -----Original Message----- > From: NIPC Watch > Sent: 7/19/01 10:35 AM > Subject: NIPC Daily Report, 19 July 2001 > > Significant Changes and Assessment - No Significant Changes. I see that NIPC is really on top of things :-( Multiple news sources are reporting that the Code Red worm has a wide-spread infection rate, having infected somewhere between 15,000 and 200,000 Microsoft IIS servers. This worm is programmed such that all infected machines will commence pounding whitehouse.gov on July 20th. With the amount of data this worm is programmed to send, and the number of machines it has infected, this will likely not only take out whitehouse.gov, but also cause significant congestion problems elsewhere. Secondary note: the Code Red attack accidentally crashes Cisco 675 and 678 routers, i.e. the common DSL modems that Qwest distributes. Independent confirmation: wirex.com's web logs show 30 attempted Code Red attacks, and our Cisco locked up this morning. Batten down the hatches. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:23:54 PDT