Code Red 2 cleanup; reporting..
Steven M. Bellovin
smb at research.att.com
Fri Aug 10 07:29:49 UTC 2001
In message <Pine.LNX.4.10.10108100034440.14898-100000 at home.highertech.net>, mike harrison writes:
>
>> Spent nearly two days convincing someone who was managing a server that he
>> was beating up machines all over the company. It finally took someone at
>
>Tonight, 20 minutes after opening up port 80
>on a firewall to a server supposedly only running
>the latest CITRIX on Port 80 (why 80? Don't ask me?)
>and the high paid out of town consultants swearing they
>had applied the appropriate patches and were safe,
>they are now broadcasting out the latest CodeRed style worm.
>
>I got some nice sniffit captures from my Linux firewall
>though.. this morning will be interesting. I wonder
>how they like their crow served.
>
>
>
>
I've seen a report that the patch is not fully effective -- see
http://archives.neohapsis.com/archives/incidents/2001-08/0218.html.
That was on incidents.org last night, but it's gone this morning, so
maybe that claim isn't accurate.
--Steve Bellovin, http://www.research.att.com/~smb