Code Red 2 cleanup; reporting..

Christopher A. Woodfield rekoil at semihuman.com
Thu Aug 9 17:28:03 UTC 2001


FWIW, I just tried to telnet to the 20 most recent hosts I got Code Red II 
probes from, and didn't get a shell prompt on any of them. Are people 
cleaning up their boxes that quickly?

-C

On Thu, Aug 09, 2001 at 02:19:19PM +0800, Mathias Körber wrote:
> 
> >    Is there an effort abound that would allow for lists of verified 'Code
> > Red 2' infected hosts to be reported for cleanup/mitigation? By known 'Code
> > Red 2' infected hosts, I mean that root.exe has been found to exist on the
> > host.
> > 
> >   Finding the contact information for a lot of these is proving difficult
> > being that a fair amount of the infected machines are Joe Blow broadband
> > customers.
> 
> Publishing such lists is IMHO not a good idea, as these hosts are vulnerable and
> publishing their addresses would only serve to let more crackers know where to
> go..
> 

-- 
---------------------------
Christopher A. Woodfield		rekoil at semihuman.com

PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
