Per several requests, I have made these traces available at:

http://www.bofh.sh/CodeRed/index.html

These dumps show what the worm was trying to do when the box was infected in each of its three stages (infect, DDoS & sleep) as well as what happens when the c:\notworm file existed on the infected server (i.e. nothing).

--lcp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 09:50:21 PDT