Thanks for making these available. Can you confirm whether this was version 1 or 2 of Code Red? Stuart. lcpat_private wrote: > > Per several requests, I have made these traces available at: > > http://www.bofh.sh/CodeRed/index.html > > These dumps show what the worm was trying to do when the box was infected > in each of its three stages (infect, DDos & sleep) as well as what happens > when the c:\notworm file existed on the infected server. (i.e. nothing.) > > --lcp > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com -- Stuart Staniford --- President --- Silicon Defense ** Silicon Defense: Technical Support for Snort ** mailto:stuartat_private http://www.silicondefense.com/ (707) 445-4355 x 16 (707) 445-4222 (FAX) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 11:58:16 PDT