Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Code Red, anyone?

Re: Code Red, anyone?

From: Glenn Forbes Fleming Larratt <glratt_at_io.com>
Date: Tue, 31 Jul 2001 21:31:37 -0500 (CDT)

Here at (unnamed-for-policy-reasons academic Class B) we've seen
exactly one packet matching our Snort rule for IIS exploit attempts of
the sort that include Code Red (from 195.219.102.44 in .de, FWIW).

We've also examined MRTG graphs of all our network and subnet links,
paying particular attention to the turnover of 0000 UTC 1 August, and
have observed no anomalies in traffic flows that would indicate either
widespread infection or DDoS attempts.

        -g

On Tue, 31 Jul 2001, Alfred Huger wrote:

> I realize that most of you have taken shelter and are awaiting the
> impending demise of the Internet as we know it. However for those of you
> stalwart bastions of courage who are still manning the ship in the face of
> this clear and present danger, I have a question. Anyone seeing Code Red
> activity yet?
> 

-- 
Glenn Forbes Fleming Larratt         The Lab Ratt (not briggs :-)
glratt@io.com                        http://www.io.com/~glratt
There are imaginary bugs to chase in heaven.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Received on Aug 01 2001
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos