> Anything in particular that you have in mind for an SP to do 'to prevent an > even worse reinfection phase' which is specific to Code Red? It's probably I downloaded the RedCode Scanner from eEye at http://www.eeye.com/html/Research/Tools/codered.html scanned our IP space (dial-ups included), contacted (by phone) the admins of the vulnerable servers, and emailed them the step by step instruction on how to patch their servers (which can be found here) : http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutio ns/security/topics/codeptch.asp Additionally, rules have been added to our IDS to detect RedCode activity. Blake Frantz A+, CNA, CCNA, MCSE Network Security Analyst mc.net 720 Industrial Drive #121 Cary, IL 60013 phn: (847)-594-5111 x5734 fax: (847)-639-0097 mailto:blakeat_private http://www.mc.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 09:31:55 PDT