Yea... We were watching this yesterday... It looks like the packets are coming from WIN2K IPSec enabled web servers... It goes back to the 19th... VPN??? WIN2K interaction with the worm? Incidental? Who knows???? We were gonna call it the SKI portion of the Red Code worm... We will release more info on this as we look into it further.

Scott Gordon & Matt Baudendistel
reply to: baudendistat_private

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 12:09:43 PDT