Re: Large ISP response to Code Red?

From: Blake Frantz (blakeat_private)
Date: Tue Jul 31 2001 - 08:10:35 PDT

    > Anything in particular that you have in mind for an SP to do 'to prevent an
    > even worse reinfection phase' which is specific to Code Red?  It's probably
    
    I downloaded the RedCode Scanner from eEye at
    http://www.eeye.com/html/Research/Tools/codered.html 
     
    scanned our IP space (dial-ups included), contacted (by phone) the admins of
    the vulnerable servers, and emailed them the step-by-step instructions on how
    to patch their servers (which can be found here):
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/topics/codeptch.asp
    
    Additionally, rules have been added to our IDS to detect RedCode activity.
    
    Blake Frantz  A+, CNA, CCNA, MCSE
    Network Security Analyst
    mc.net
    720 Industrial Drive #121
    Cary, IL 60013
    phn: (847)-594-5111 x5734
    fax: (847)-639-0097
    mailto:blakeat_private
    http://www.mc.net
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
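
As an added example (not part of the original post, and not the IDS rules or the eEye scanner it mentions), the detection step can be sketched as a web-log triage that flags oversized, padded requests to `.ida` resources and splits the sources into the provider's own address space (customers to contact) and everything else. The address range, thresholds and log lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the provider's own address space (documentation range, constructed).
OWN_SPACE = [ipaddress.ip_network("192.0.2.0/24")]

# Common Log Format: source, identd, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" \d{3} ')
FILLER_RUN = re.compile(r"(.)\1{99,}")  # one character repeated 100+ times

def is_ida_overflow_probe(target, min_query_len=200):
    """True for a request to an .ida resource with an oversized, padded query."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".ida"):
        return False
    query = parts.query
    return len(query) >= min_query_len and bool(FILLER_RUN.search(query))

def triage(lines, own_space=OWN_SPACE):
    """Group probing source IPs into 'inside' (our customers) and 'outside'."""
    hits = {"inside": set(), "outside": set()}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_ida_overflow_probe(m.group(2)):
            continue  # malformed line or ordinary request
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # log recorded a hostname, not an address
        side = "inside" if any(addr in net for net in own_space) else "outside"
        hits[side].add(str(addr))  # set membership removes repeat probes
    return {side: sorted(addrs) for side, addrs in hits.items()}

# Constructed sample log (padding is filler only, no worm payload).
PAD = "N" * 224
TS = "[31/Jul/2001:08:01:12 -0700]"
SAMPLE_LOG = [
    f'192.0.2.17 - - {TS} "GET /default.ida?{PAD} HTTP/1.0" 404 205',
    f'203.0.113.9 - - {TS} "GET /default.ida?{PAD} HTTP/1.0" 404 205',
    f'192.0.2.40 - - {TS} "GET /index.html HTTP/1.0" 200 1043',
    f'192.0.2.55 - - {TS} "GET /search.ida?q=status HTTP/1.0" 200 512',
    f'192.0.2.17 - - {TS} "GET /default.ida?{PAD} HTTP/1.0" 404 205',
    "truncated line without a request",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```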
    



    This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 09:31:55 PDT