Security Incidents: RE: Code Red, anyone?

RE: Code Red, anyone?

From: Coen Bongers <CoB_at_Kikke.Net>
Date: Wed, 1 Aug 2001 12:56:43 +0200

Hi all,

I'm starting to see the first infection attempts to systems on the cable
modem netblock on my snort IDS at home.

(Funny, I can see all the traffic in my neighbourhood on my cable modem
connection, is that normal?) ;-)

Some relative info:

Snort 1.7 with standard rules, and the CodeRed additional rules.

                                                  Source              Dest
#0-(6-107) CodeRed Defacement 2001-08-01 09:44:58 211.205.83.13:2008  212.xxx.xxx.xxx:80 TCP
#1-(6-131) CodeRed Defacement 2001-08-01 11:17:50 211.41.180.163:2566 212.xxx.xxx.yyy:80 TCP

Time is in GMT +1 and, as far as I can tell, the sources are two closely
related Korean hosts.
And a quick scan with the eEye CodeRed scanner (Thank you guys!!) is telling
me that both servers are to be considered vulnerable.

Is it starting, or am I just (un)lucky to see a couple???

take care,

Coen Bongers
Senior Network Engineer

Mobile: 06-2001 7443
E-mail: CoB_at_Kikke.net

-----Original Message-----
From: Alfred Huger [mailto:ah_at_securityfocus.com]
Sent: Wednesday 1 August 2001 3:31
To: incidents_at_securityfocus.com
Subject: Code Red, anyone?

I realize that most of you have taken shelter and are awaiting the
impending demise of the Internet as we know it. However for those of you
stalwart bastions of courage who are still manning the ship in the face of
this clear and present danger, I have a question. Anyone seeing Code Red
activity yet?

I just took a poll through our sensors in ARIS and see almost no activity,
at least none worth commenting on. Anyone else?

VP Engineering
SecurityFocus.com
"Vae Victis"

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Received on Aug 01 2001
