Code Red

Dave Stewart dbs at
Fri Jul 20 03:31:58 UTC 2001

At 11:12 PM 7/19/2001, lucifer at wrote:
>Reports from our monitoring systems saw the CPU usage jump by somewhere
>between 150-200% for our core routers today; our current theory is that

Web servers that were hit beginning this morning at 11:26:41 EDT have not 
seen another attempt since 19:49:53.

I'm wondering if this because it was coming up on 00:00:00 GMT 20-July-2001.

According to the PC-Cillin write up, the 100-thread scan only takes place 
if the system date is less than 20, but if it's 20-28, it launches it's DOS 
attack at

Does anybody really know yet what payloads this thing is carrying?

More information about the NANOG mailing list