Hard data on network impact of the "Code Red" worm?

Roeland Meyer rmeyer at mhsc.com
Tue Jul 31 07:30:43 UTC 2001

> From: Hank Nussbacher [mailto:hank at att.net.il]
> Sent: Monday, July 30, 2001 11:41 PM

> bandwidth - typically FastEthernet.  So targetting IIS 
> servers is a sure 
> way of maximizing your zombie power (the only more powerful 
> worm would be 
> an Apache zombie which has about 18M potential clients or a 
> bind worm-zombie).

Cut it out! You're making my blood run cold. Four years ago, I had three
systems cracked by mwsh. The entry was via BIND. They were a Linux boxen and
the exploit downloaded mwsh source code and compiled it. It could, just as
easily, do that with CodeRed sources. Fortunatelyy, most BIND installations
have been upgraded since then. But, I'll bet that there are a few that
haven't been. Is Raul Dhesi listening?


More information about the NANOG mailing list