nanog mailing list archives
Re: Code Red variants
From: Andrew Barros <abarros () tjhsst edu>
Date: Sat, 4 Aug 2001 23:49:22 -0400
securityfocus.com has several variants that use the same vulnerability
as Code Red, some of them are not as "nice" as Code Red. By nice I mean
they 0wn the box, instead of a trivial defacement.
-ajb
On Sat, Aug 04, 2001 at 10:48:09PM -0400, Jeff Ogden wrote:
->
->Do we know if anyone has looked at the code for variants of the worm
->in detail recently? I've seen announcements about new versions with
->better random IP address generation. Does anyone know if other
->aspects of the worm are the same? Is it still set to spread itself
->until the 19th and then switch to attacking the IP address that was
->once www1.whitehouse.gov or are there variants with different dates
->and different IP addresses or attack scenarios?
->
-> -Jeff
->
->At 4:57 PM -0700 8/4/01, Lou Katz wrote:
->>I'm seeing about 2:1 "XXXXXXXXXXXX" vs "NNNNNNNNNNNN" entries in today's logs.
->>
->>Also, I have over a factor of 20 more entries in Aug than in July.
->>
->>--
->>
->>
->>-=[L]=-
---end quoted text---
--
Andrew Barros <abarros () tjhsst edu>
PGP Key Fingerprint:
D3B8 0800 C45A 143E 5CF0 E112 0A1B AB36 B655 1FB8
