RE: CodeRedII attempts from Cable/DSL/dial-ups

From: Derek Kwan (dkwanat_private)
Date: Mon Aug 06 2001 - 08:54:26 PDT


    Ah... I was wondering..
    
    1) If CodeRed will attack W2K Professional, and now I know.
    
    2) I am getting lots of hits from the @Home network (24.x.x.x) and was (sorta)
    wondering.... Now I think maybe some @Home users are running W2K
    Professional and didn't even know there is Personal Web Server running.
    
    Thx!
    
     \|/ _____ \|/    ***************************************************
     "@'/ , . \`@"    This e-mail is sent with 100% recyclable electrons.
     /_| \___/ |__\   ***************************************************
        \___U_/       Derekat_private
    
    
    On Sun, 5 Aug 2001, Thomas Frerichs wrote:
    
    > It also infects Personal Web Server on Win 2K professional. I know.
    > 
    > Tom Frerichs
    > (FDISK is your friend)
    > 
    > -----Original Message-----
    > From: Ben N. Venzke [mailto:bvenzkeat_private]
    > Sent: Monday, August 06, 2001 12:20 AM
    > To: incidentsat_private
    > Subject: CodeRedII attempts from Cable/DSL/dial-ups
    > 
    > 
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    > 
    > If CodeRedII can only infect Windows 2000 boxes running IIS, why all
    > of the CodeRedII infection attempts from what appear to be DSL, cable
    > modem and dial-up boxes?
    > 
    > I could see running a small server on a DSL line but are there really
    > that many people running IIS on a 56k dial-up?
    > 
    > A related FYI, an SDSL line from Covad/Earthlink will sometimes show
    > up in server logs as what appears to be a dial-up address when it's
    > resolved (i.e. user-XXXXXXX.dialup.mindspring.com rather than
    > user-XXXXXXX.dsl.mindspring.com).
    > 
    > 
    > 			- Ben Venzke
    > 
    > 
    > - --
    > 
    > ______________________
    > IntelCenter
    > Voice (703) 370-2962
    > Fax (703) 370-1571
    > Email - informationat_private
    > Web - http://www.intelcenter.com
    > PGP Public Key - available upon request
    > 
    > PO Box 22572
    > Alexandria, VA 22304-9257
    > USA
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    > 
    > 
    > 
    
    
    



    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:29:41 PDT