Return-Path: <jheard@bey.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0)
    for fc@localhost (single-drop); Sun, 05 Aug 2001 09:49:16 -0700 (PDT)
Received: (qmail 18251 invoked by uid 510); 5 Aug 2001 15:50:05 -0000
Received: from beyondengineering.com (HELO s1.beyondengineering.com) (216.96.107.1)
    by 204.181.12.215 with SMTP; 5 Aug 2001 15:50:05 -0000
Received: from bob.bey.com (beyondengineering.com [216.96.107.1])
    by s1.beyondengineering.com (8.11.0/8.8.7) with ESMTP id f75H0Pi01068
    for <fc@all.net>; Sun, 5 Aug 2001 11:00:25 -0600
X-Mailer: Beyond Engineering
Message-Id: <5.1.0.14.2.20010805113543.00a754d0@bey.com>
X-Sender: jheard@bey.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Sun, 05 Aug 2001 11:39:02 -0500
To: fc@all.net
From: John Heard <jheard@bey.com>
Subject: Re: [iwar] Code red variants in increasing numbers
In-Reply-To: <200108050351.UAA01258@big.all.net>
Content-Type: text/plain; charset="us-ascii"; format=flowed

I can confirm this across the board, we're seeing the same thing and we've had to start reprogramming our monitoring systems as these hits have started to overload them for requests for default.ida.

I've got a feeling this is going to get worse, there really needs to be a system in place somewhere like that is used for spam to notify networks which machines on their networks are infected so they can disconnect them till they remove the virus. It takes a lot of time to manually try and track down each of these and notify a sys admin.

Best regards,
John Heard
___________________________________________
B e y o n d E n g i n e e r i n g
a division of CJ Group Inc.
Home of IP-Delivery.com and WordSpot.com
mailto:jheard@bey.com - http://www.bey.com
620.496.2682 voice - 620.496.2020 fax
1007 US Highway 54 West - La Harpe, KS 66751 US

At 08:51 PM 8/4/01 -0700, you wrote:
>Looks like there are more Code Red variants on the way... One with Xs,
>in the overrun sequence, one with Os in the overrun sequence. They seem
>to be running at a higher rate and through cable modem and DSL IP
>addresses for now. To get a sense, on random IP addresses, I am now
>getting red code requests at a rate of one every few minutes -
>sustained...
>
>This issue is not anywhere near dead yet as far as I can tell...
>
>FC
>--This communication is confidential to the parties it is intended to serve--
>Fred Cohen       Fred Cohen & Associates.........tel/fax:925-454-0171
>fc@all.net       The University of New Haven.....http://www.unhca.com/
>http://all.net/  Sandia National Laboratories....tel:925-294-2087
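
An added example, not part of either message: one way to turn the default.ida hits discussed above into a per-network list of source hosts that could feed a notification to each network's administrators. The log lines are constructed, the Common Log Format input is an assumption, and grouping by /24 is an assumed stand-in for looking up the responsible network.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample access-log lines (Common Log Format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Aug/2001:09:01:12 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 205
192.0.2.10 - - [05/Aug/2001:09:04:40 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 205
192.0.2.77 - - [05/Aug/2001:09:05:02 -0700] "GET /default.ida?OOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.0" 404 205
198.51.100.3 - - [05/Aug/2001:09:07:31 -0700] "GET /index.html HTTP/1.0" 200 1432
198.51.100.9 - - [05/Aug/2001:09:09:55 -0700] "GET /default.ida?id=7 HTTP/1.0" 404 205
"""

# Source address, timestamp and query string of any request for default.ida.
HIT = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ /default\.ida\?(\S*) HTTP/[\d.]+"', re.I)
# A single character repeated 8 or more times at the start of the query string.
FILLER = re.compile(r'(.)\1{7,}')


def parse_hits(log_text):
    """Yield (source_ip, timestamp, filler) for each default.ida request."""
    for line in log_text.splitlines():
        m = HIT.match(line)
        if not m:
            continue
        ip, stamp, query = m.groups()
        run = FILLER.match(query)
        # "none" marks a default.ida request without a long filler run.
        yield ip, stamp, (run.group(1) if run else "none")


def report(log_text, prefix_len=24):
    """Group hits by source network, then by host, so each network gets one notice."""
    nets = defaultdict(dict)
    for ip, stamp, filler in parse_hits(log_text):
        net = str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
        host = nets[net].setdefault(
            ip, {"hits": 0, "first": stamp, "last": stamp, "fillers": set()})
        host["hits"] += 1
        host["last"] = stamp  # log lines are assumed to be in time order
        host["fillers"].add(filler)
    return dict(nets)


if __name__ == "__main__":
    for net, hosts in sorted(report(SAMPLE_LOG).items()):
        print(net)
        for ip, h in sorted(hosts.items()):
            print(f"  {ip} hits={h['hits']} filler={','.join(sorted(h['fillers']))}"
                  f" first={h['first']} last={h['last']}")
```

Aggregating by source before alerting also keeps repeated hits from the same host from flooding a monitoring system with one event per request.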
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT