North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red 2 cleanup; reporting..

  • From: Steven M. Bellovin
  • Date: Fri Aug 10 03:32:47 2001

In message <Pine.LNX.4.10.10108100034440.14898-100000@home.highertech.net>, mik
e harrison writes:
>
>> Spent nearly two days convincing someone who was managing a server that he
>> was beating up machines all over the company. It finally took someone at
>
>Tonight, 20 minutes after openning up port 80
>on a firewall to a server supposedly only running
>the latest CITRIX on Port 80 (why 80? Don't ask me?)
>and the high paid out of town consultants swearing they
>had applied the appropriate patches and were safe, 
>they are now broadcasting out the latest CodeRed style worm.
>
>I got some nice sniffit captures from my Linux firewall
>though.. this morning will be interesting. I wonder
>how they like their crow served.
>
>
>
>
I've seen a report that the patch is not fully effective -- see 
http://archives.neohapsis.com/archives/incidents/2001-08/0218.html.
That was on incidents.org last night, but it's gone this morning, so 
maybe that claim isn't accurate.

		--Steve Bellovin, http://www.research.att.com/~smb