Return-Path: <sentto-279987-1528-996679633-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 01 Aug 2001 08:28:08 -0700 (PDT) Received: (qmail 11199 invoked by uid 510); 1 Aug 2001 14:29:36 -0000 Received: from n11.groups.yahoo.com (216.115.96.61) by 204.181.12.215 with SMTP; 1 Aug 2001 14:29:36 -0000 X-eGroups-Return: sentto-279987-1528-996679633-fc=all.net@returns.onelist.com Received: from [10.1.4.55] by c3.egroups.com with NNFMP; 01 Aug 2001 15:27:13 -0000 X-Sender: user@energen.com X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_2_0); 1 Aug 2001 15:27:13 -0000 Received: (qmail 49238 invoked from network); 1 Aug 2001 15:00:56 -0000 Received: from unknown (10.1.10.142) by l9.egroups.com with QMQP; 1 Aug 2001 15:00:56 -0000 Received: from unknown (HELO hal.energen.com) (207.203.161.3) by mta3 with SMTP; 1 Aug 2001 15:00:56 -0000 Received: from askgar.com ([10.225.110.6] (may be forged)) by hal.energen.com with ESMTP (8.8.6 (PHNE_14041)/8.7.1) id JAA19592 for <iwar@yahoogroups.com>; Wed, 1 Aug 2001 09:58:40 -0500 (CDT) Message-ID: <3B68199F.68CDA065@askgar.com> X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en,zh-CN,ru,ja To: iwar@yahoogroups.com References: <200108011237.FAA24677@big.all.net> From: Gary Warner <gar@askgar.com> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 01 Aug 2001 10:00:47 -0500 Reply-To: iwar@yahoogroups.com Subject: Re: [iwar] China trying it again... Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit That's an exact match for the "version 2" Code Red from July 19th. See for instance: http://www.cert.org/advisories/CA-2001-19.html I've got links to analyses (and so does everyone and his brother) on my website, if its convenient for you to pull them together from there. ( http://www.harshtruth.com/warnings.html ) Also, there is a GREAT analysis of the flow of the original distribution at: ( http://www.caida.org/analysis/security/code-red/ ) but their site is not up to the load. They are heavily overwhelmed, especially if you try to pull the 4.1 MB animated GIF showing the spread of attackers on the map of the world. _-_ gar ------------------------ Yahoo! Groups Sponsor ---------------------~--> Small business owners... Tell us what you think! http://us.click.yahoo.com/vO1FAB/txzCAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:38 PDT