Security Incidents: Re: Code Red, anyone?

Re: Code Red, anyone?

From: Michael Sullenszino <mikesz_at_sullenszino.org>
Date: Wed, 1 Aug 2001 07:45:45 -0700

Well, after emerging from the fallout shelter, I checked my NIDS for
three different companies' subnets. Grand total: 48 instances of
CodeRed signature matches (coincidentally, 16 incidents per site).

<g>Well, thank goodness we brought in a third T1 to handle the stress.
</g>

Mike

On Tue, Jul 31, 2001 at 09:31:37PM -0500, Glenn Forbes Fleming Larratt wrote:
> Here at (unnamed-for-policy-reasons academic Class B) we've seen
> exactly one packet matching our Snort rule for IIS exploit attempts of
> the sort that include Code Red (from 195.219.102.44 in .de, FWIW).
>
> We've also examined MRTG graphs of all our network and subnet links,
> paying particular attention to the turnover of 0000 UTC 1 August, and
> have observed no anomalies in traffic flows that would indicate either
> widespread infection or DDoS attempts.
>
> -g
>
> On Tue, 31 Jul 2001, Alfred Huger wrote:
>
> > I realize that most of you have taken shelter and are awaiting the
> > impending demise of the Internet as we know it. However for those of you
> > stalwart bastions of courage who are still manning the ship in the face of
> > this clear and present danger, I have a question. Anyone seeing Code Red
> > activity yet?
> >
> --
> Glenn Forbes Fleming Larratt The Lab Ratt (not briggs :-)
> glratt@io.com http://www.io.com/~glratt
> There are imaginary bugs to chase in heaven.
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>

-- 
Michael Sullenszino    /----------------------------------------\
mike_at_sullenszino.org  ||  Powered by OpenBSD (www.OpenBSD.org)  ||
www.sullenszino.org   ||   & Debian GNU/Linux (www.debian.org)  ||
206.722.6539           \----------------------------------------/
Received on Aug 01 2001