This seems pretty weird to me - I can see the strings for the sockets calls in the worm. You can't get a Win2k box to ignore whether it gets a SYN-ACK using normal socket calls in any way that I'm aware of.

> -----Original Message-----
> From: rottzat_private [mailto:rottzat_private]
> Sent: Thursday, August 09, 2001 4:04 PM
> To: mwiaterat_private
> Cc: incidentsat_private
> Subject: Re: Code Red Doesn't care about TCP sessions?
>
> >Mark Wiater wrote:
> > A closer look at the data showed that many of the Code Red attacks
> >were directed at machines that I KNEW were not able to receive port 80
> >through the firewalls. So how did Code Red get so far as to send the
> >GET request when there was no SYN, SYN/ACK, ACK???

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 13:05:14 PDT