Re: [iwar] China trying it again...

From: Gary Warner (gar@askgar.com)
Date: 2001-08-01 08:00:47


Return-Path: <sentto-279987-1528-996679633-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 01 Aug 2001 08:28:08 -0700 (PDT)
Received: (qmail 11199 invoked by uid 510); 1 Aug 2001 14:29:36 -0000
Received: from n11.groups.yahoo.com (216.115.96.61) by 204.181.12.215 with SMTP; 1 Aug 2001 14:29:36 -0000
X-eGroups-Return: sentto-279987-1528-996679633-fc=all.net@returns.onelist.com
Received: from [10.1.4.55] by c3.egroups.com with NNFMP; 01 Aug 2001 15:27:13 -0000
X-Sender: user@energen.com
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-7_2_0); 1 Aug 2001 15:27:13 -0000
Received: (qmail 49238 invoked from network); 1 Aug 2001 15:00:56 -0000
Received: from unknown (10.1.10.142) by l9.egroups.com with QMQP; 1 Aug 2001 15:00:56 -0000
Received: from unknown (HELO hal.energen.com) (207.203.161.3) by mta3 with SMTP; 1 Aug 2001 15:00:56 -0000
Received: from askgar.com ([10.225.110.6] (may be forged)) by hal.energen.com with ESMTP (8.8.6 (PHNE_14041)/8.7.1) id JAA19592 for <iwar@yahoogroups.com>; Wed, 1 Aug 2001 09:58:40 -0500 (CDT)
Message-ID: <3B68199F.68CDA065@askgar.com>
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en,zh-CN,ru,ja
To: iwar@yahoogroups.com
References: <200108011237.FAA24677@big.all.net>
From: Gary Warner <gar@askgar.com>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 01 Aug 2001 10:00:47 -0500
Reply-To: iwar@yahoogroups.com
Subject: Re: [iwar] China trying it again...
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

That's an exact match for the "version 2" Code Red from July 19th.  See
for instance:
    http://www.cert.org/advisories/CA-2001-19.html

I've got links to analyses (and so does everyone and his brother) on my
website, if it's convenient for you to pull them together from there.  (
http://www.harshtruth.com/warnings.html )

Also, there is a GREAT analysis of the flow of the original distribution
at:
( http://www.caida.org/analysis/security/code-red/ ) but their site is
not up to the load.  They are heavily overwhelmed, especially if you try
to pull the 4.1 MB animated GIF showing the spread of attackers on the
map of the world.

_-_
gar





This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:38 PDT