nanog mailing list archives

Re: Code Red 2 cleanup; reporting..

From: "Steven M. Bellovin" <smb () research att com>
Date: Fri, 10 Aug 2001 08:29:49 +0100


In message <Pine.LNX.4.10.10108100034440.14898-100000 () home highertech net>, mik
e harrison writes:

Spent nearly two days convincing someone who was managing a server that he
was beating up machines all over the company. It finally took someone at


Tonight, 20 minutes after openning up port 80
on a firewall to a server supposedly only running
the latest CITRIX on Port 80 (why 80? Don't ask me?)
and the high paid out of town consultants swearing they
had applied the appropriate patches and were safe, 
they are now broadcasting out the latest CodeRed style worm.

I got some nice sniffit captures from my Linux firewall
though.. this morning will be interesting. I wonder
how they like their crow served.

I've seen a report that the patch is not fully effective -- see 
http://archives.neohapsis.com/archives/incidents/2001-08/0218.html.
That was on incidents.org last night, but it's gone this morning, so 
maybe that claim isn't accurate.

                --Steve Bellovin, http://www.research.att.com/~smb

Current thread:

RE: Code Red 2 cleanup; reporting.., (continued)
- - RE: Code Red 2 cleanup; reporting.. z (Aug 08)
    - Re: Code Red 2 cleanup; reporting.. Andrew McNamara (Aug 09)
    - Re: Code Red 2 cleanup; reporting.. Ryan Tucker (Aug 09)
  - Re: Code Red 2 cleanup; reporting.. Christopher A. Woodfield (Aug 09)
    - Re: Code Red 2 cleanup; reporting.. mike harrison (Aug 09)
    - Re: Code Red 2 cleanup; reporting.. Etaoin Shrdlu (Aug 09)
    - Re: Code Red 2 cleanup; reporting.. mike harrison (Aug 09)
    - Was: Code Red 2 cleanup -- SHOULD NSPs PULL THE PLUG? Solutions? z (Aug 10)
    - Re: Code Red 2 cleanup; reporting.. Mike Lewinski (Aug 09)
    - Re: Code Red 2 cleanup; reporting.. Larry Diffey (Aug 09)
- Re: Code Red 2 cleanup; reporting.. Steven M. Bellovin (Aug 10)
  - Re: Code Red 2 cleanup; reporting.. mike harrison (Aug 11)
    - Re: Code Red 2 cleanup; reporting.. David Lesher (Aug 12)
- Re: Code Red 2 cleanup; reporting.. Steven M. Bellovin (Aug 10)
  - Re: Code Red 2 cleanup; reporting.. Etaoin Shrdlu (Aug 10)
    - Re: Code Red 2 cleanup; reporting.. Valdis . Kletnieks (Aug 10)
    - Re: Code Red 2 cleanup; reporting.. Etaoin Shrdlu (Aug 10)
- Re: Code Red 2 cleanup; reporting.. ken harris. (Aug 10)
- Re: Code Red 2 cleanup; reporting.. David Luyer (Aug 10)
- RE: Code Red 2 cleanup; reporting.. Roeland Meyer (Aug 10)
  - Re: Code Red 2 cleanup; reporting.. Mike Lewinski (Aug 10)

(Thread continues...)