R: Code Red Doesn't care about TCP sessions?

From: Giovanni Bobbio (giovanniat_private)
Date: Fri Aug 10 2001 - 08:24:25 PDT

    My IDS recorded tens of thousands of Code Red attacks to 103 servers within
    my class C.
    All of them are web servers. Zero alerts towards something that doesn't
    respond to port 80.
    
    This doesn't prove anything, but I would look harder.
    
    Giovanni
    
    Mark Wiater wrote:
    
    > Thanks for confirming this Vern, I thought I was going nuts. (And lots of
    > folks have told me privately, in response to this note, that I have).
    >
    > I've too spent a fair amount of time trying to find a legitimate reason for
    > this behaviour but can't. There is no NAT in play here.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 13:04:33 PDT