nanog mailing list archives

Re: Code Red 2 cleanup; reporting..


From: "Christopher A. Woodfield" <rekoil () semihuman com>
Date: Thu, 9 Aug 2001 13:28:03 -0400


FWIW, I just tried to telnet to the 20 most recent hosts I got Code Red II 
probes from, and didn't get a shell prompt on any of them. Are people 
cleaning up their boxes that quickly?

-C

On Thu, Aug 09, 2001 at 02:19:19PM +0800, Mathias Körber wrote:

   Is there an effort abound that would allow for lists of verified
'Code Red 2' infected hosts to be reported for cleanup/mitigation?
By known 'Code Red 2' infected hosts, I mean that root.exe has been
found to exist on the host.

  Finding the contact information for a lot of these is proving difficult
being that a fair amount of the infected machines are Joe Blow broadband
customers.

Publishing such lists is IMHO not a good idea, as these hosts are vulnerable and
publishing their addresses would only serve to let more crackers know where to
go..


-- 
---------------------------
Christopher A. Woodfield                rekoil () semihuman com

PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B

