On Fri, 11 Jan 2002, Nick FitzGerald wrote:

> So, it's deliberate injection into the network in this
> pseudo-fragmented form, presumably to beat at least some IDSes or
> other filtering mechanisms.

At present, I'm trying to determine (if I can) if there is possibly a
proxy that might be doing it. Something on the scale of a National
Firewall. Nothing but an app proxy would cause that kind of change
(working on the assumption that some intermediate network device is
doing it.)

> If the rest of the code is unchanged, as you say, then any
> successfully exploited targets will then only be spreading the
> "normal" CodeRed.B, so it won't be too huge an outbreak.

And that is what confuses me. Were it I, I'd rather inject CodeRedII,
and get the root.exe backdoor.

Ryan

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
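The evasion effect the quoted text speculates about, shown from the detection side as an added example that is not part of the original thread: a matcher that inspects each TCP segment on its own misses a request signature once the request is chopped into small segments, while a matcher that reassembles the client stream first still sees it. The request text and the `.ida` signature are constructed stand-ins, not a capture from the report.

```python
"""Per-segment signature matching vs. stream reassembly.
Constructed example: the request below imitates a CodeRed-style .ida probe
but is not a real capture, and the signature is an assumption for illustration."""
from __future__ import annotations
from dataclasses import dataclass

IDA_SIGNATURE = b"GET /default.ida?"   # assumed URI-prefix signature


@dataclass
class Segment:
    seq: int        # relative TCP sequence number of the first payload byte
    payload: bytes


def split_into_segments(data: bytes, size: int) -> list[Segment]:
    """Constructed sender: emit the request in fixed-size chunks."""
    return [Segment(i, data[i:i + size]) for i in range(0, len(data), size)]


def per_segment_alert(segments: list[Segment], sig: bytes = IDA_SIGNATURE) -> bool:
    """Stateless detector: looks at each segment independently."""
    return any(sig in s.payload for s in segments)


def reassemble(segments: list[Segment]) -> bytes:
    """Rebuild the client stream from segments arriving in any order.
    Overlapping bytes already in the buffer are ignored (first wins); a real
    engine must mirror the target host's overlap policy or it can be desynced."""
    buf = bytearray()
    for s in sorted(segments, key=lambda s: s.seq):
        if s.seq > len(buf):          # hole in the stream: stop, do not guess
            break
        buf += s.payload[len(buf) - s.seq:]   # append only the new bytes
    return bytes(buf)


def stream_alert(segments: list[Segment], sig: bytes = IDA_SIGNATURE) -> bool:
    """Stateful detector: match against the reassembled stream."""
    return sig in reassemble(segments)


# Constructed sample request; the padding stands in for the long overflow URI.
REQUEST = b"GET /default.ida?" + b"N" * 40 + b" HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    whole = split_into_segments(REQUEST, 1500)   # one segment, as usually seen
    tiny = split_into_segments(REQUEST, 8)       # signature split across segments
    print(per_segment_alert(whole), per_segment_alert(tiny))   # True False
    print(stream_alert(tiny), stream_alert(tiny[::-1]))        # True True
```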
This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 08:23:28 PST