[iwar] Code Red worm

From: Gary Warner (gar@askgar.com)
Date: 2001-07-20 04:21:30


Return-Path: <sentto-279987-1441-995620927-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 20 Jul 2001 02:23:07 -0700 (PDT)
Received: (qmail 7431 invoked by uid 510); 20 Jul 2001 08:24:51 -0000
Received: from n2.groups.yahoo.com (216.115.96.52) by 204.181.12.215 with SMTP; 20 Jul 2001 08:24:51 -0000
X-eGroups-Return: sentto-279987-1441-995620927-fc=all.net@returns.onelist.com
Received: from [10.1.4.54] by hi.egroups.com with NNFMP; 20 Jul 2001 09:22:07 -0000
X-Sender: gar@askgar.com
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-7_2_0); 20 Jul 2001 09:22:06 -0000
Received: (qmail 61575 invoked from network); 20 Jul 2001 09:22:06 -0000
Received: from unknown (10.1.10.26) by l8.egroups.com with QMQP; 20 Jul 2001 09:22:06 -0000
Received: from unknown (HELO hall.mail.mindspring.net) (207.69.200.60) by mta1 with SMTP; 20 Jul 2001 09:22:05 -0000
Received: from askgar.com (user-2injr3g.dialup.mindspring.com [165.121.236.112]) by hall.mail.mindspring.net (8.9.3/8.8.5) with ESMTP id FAA15229 for <iwar@yahoogroups.com>; Fri, 20 Jul 2001 05:22:04 -0400 (EDT)
Message-ID: <3B581439.7BEA6638@askgar.com>
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
To: iwar@yahoogroups.com
References: <20010719223034.35572.qmail@web14505.mail.yahoo.com>
From: Gary Warner <gar@askgar.com>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Fri, 20 Jul 2001 04:21:30 -0700
Reply-To: iwar@yahoogroups.com
Subject: [iwar] Code Red worm
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

My recent paper "Privacy vs. Protection" discussed the fact that
hundreds of thousands of insecure computers are lying around the
Internet waiting to be used as agents of attack.  Well, friends, it has
happened in a big way.  Code Red.

We are seeing tens of thousands of Code Red attacks on large networks.
Even networks as small as 6 nodes are detecting hundreds of attacks.
Every network on which we are running detection is seeing at least 10
attacks per IP.  Not bad for a worm that attacks by using a random
number generator to pick its targets.

As the night has progressed the attacks on our networks have seemed to
ease off.  We'll see what the morning brings, but I am quite honestly
expecting to see the number reach a half million infected servers.

For some observations we made, see:

   http://www.harshtruth.com/warnings.html


------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:37 PDT