North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Hard data on network impact of the "Code Red" worm?
In message <200107310341.WAA01723@bluejay.creighton.edu>, Larry Sheldon writes: > >> On Mon, 30 July 2001, k claffy wrote: >> > so, 1 aug midnite GMT (tomorrow 17:00 in california), >> > codered goes back into 'spread' mode. >> > within a few hours, we'll have 100,000-300,000 >> > globally infected machines again. > >NTBUGTRAQ is carrying informatiion that says that is not right. > >They say that currently extant copies of the thing will sleep forever, >or until the host is re-booted--at which time the thing ceases to exist. There seems to be some disagreement about this point. CERT, in fact, notes that explicitly (http://www.cert.org/advisories/CA-2001-23.html). They also claim that enough infected machines have their clocks set wrong that there may be a new outbreak tonight (EDT) -- that one strikes me as less plausible. > >The hazard tomorrow is the introduction of new copies of the thing. > That hazard isn't specific to August 1. --Steve Bellovin, http://www.research.att.com/~smb