As I was sitting here filtering out all the "Code Red" hits on my IDS's and Firewall's a thought occurred to me... This could be a hackers delight... in the sense that all a hacker has to do is sit back and wait for the "Code Red" hits to show up in his logs. He then has a potential list of targets which are known to be vulnerable. No searching required. Using the code provided by that Japanse dude "Speed Junkie" they could easily go through on each of these boxes as they appear in the logs. The user will assume (if they ever figure it out) that it was just the "Code Red" worm... But my point all these boxes infected by the are simply becon's saying "Come hack me! and here's my IP so you don't have to search for me" Hmmmm hope for everyone's (everyone meaning IIS users) sake that I am the only one to think of this. ======================================================= Jimmy Sadri jimmys@private Network Engineer/ jimmys@private Security Consultant
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:24:05 PDT