Ah... I was wondering.. 1) If CodeRed will attack W2K Professional, and now I know. 2) I am getting lots of hits from @Home network (24.x.x.x) and was (sorta) worndering.... Now I think maybe some @Home user are running W2K Professional and didn't even know there is Personal Web Server running. Thx! \|/ _____ \|/ *************************************************** "@'/ , . \`@" This e-mail is send with 100% recyclable electrons. /_| \___/ |__\ *************************************************** \___U_/ Derekat_private On Sun, 5 Aug 2001, Thomas Frerichs wrote: > It also infects Personal Web Server on Win 2K professional. I know. > > Tom Frerichs > (FDISK is your friend) > > -----Original Message----- > From: Ben N. Venzke [mailto:bvenzkeat_private] > Sent: Monday, August 06, 2001 12:20 AM > To: incidentsat_private > Subject: CodeRedII attempts from Cable/DSL/dial-ups > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If CodeRedII can only infect Windows 2000 boxes running IIS, why all > of the CodeRedII infection attempts from what appear to be DSL, cable > modem and dial-up boxes? > > I could see running a small server on a DSL line but are there really > that many people running IIS on a 56k dial-up. > > A related FYI, an SDSL line from Covad/Earthlink will sometimes show > up in server logs as what appears to be a dial-up address when it's > resolved (i.e. user-XXXXXXX.dialup.mindspring.com rather than > user-XXXXXXX.dsl.mindspring.com). > > > - Ben Venzke > > > - -- > > ______________________ > IntelCenter > Voice (703) 370-2962 > Fax (703) 370-1571 > Email - informationat_private > Web - http://www.intelcenter.com > PGP Public Key - available upon request > > PO Box 22572 > Alexandria, VA 22304-9257 > USA > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5.2 > > iQA/AwUBO243G/76H8QHdGcYEQJ93QCbBB8dOzsgLLh5cLIfktgZaXhTIM4AoJxC > sf23MqArEvbBX7PkzfupCHwI > =wQnZ > -----END PGP SIGNATURE----- > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:29:41 PDT