North American Network Operators Group
Re: Code Red 2 cleanup; reporting..
In message <Pine.LNX.firstname.lastname@example.org>, mike harrison writes:
>
>> Spent nearly two days convincing someone who was managing a server that he
>> was beating up machines all over the company. It finally took someone at
>
>Tonight, 20 minutes after opening up port 80
>on a firewall to a server supposedly only running
>the latest CITRIX on Port 80 (why 80? Don't ask me?)
>and the high paid out of town consultants swearing they
>had applied the appropriate patches and were safe,
>they are now broadcasting out the latest CodeRed style worm.
>
>I got some nice sniffit captures from my Linux firewall
>though.. this morning will be interesting. I wonder
>how they like their crow served.
>

I've seen a report that the patch is not fully effective -- see
http://archives.neohapsis.com/archives/incidents/2001-08/0218.html.
That was on incidents.org last night, but it's gone this morning, so
maybe that claim isn't accurate.

--Steve Bellovin, http://www.research.att.com/~smb