[lug] wild activity, don't know why.
Prescott Oelke
plkey at home.com
Thu Aug 9 10:48:51 MDT 2001
I've talked to AT&T about this and they have had major problems with Code
Red on their cable network (which I am also on). Code Red chooses to scan
computers on its own section of the Internet apparently, before venturing
further out. Almost all the hits I have been getting are on port 80 and
from the 65.x.x.x address block (where my IP resides).
Basically someone (a lot of someones) set up a webserver using M$ IIS
server and hasn't patched it yet (most, I've discovered, aren't even aware
they're running it). So everytime they turn their machines on Code Red
begins scanning to find new machines to infect. The guy at AT&T @Home said
that they were going to block port 80 off from the outside world on their
network. All good and well, but that won't stop computers inside the
network from scanning.
I got over 600 hits to my port 80 yesterday alone.
Prescott Oelke
At 10:17 AM 8/9/2001 -0600, you wrote:
>I've been seeing a lot of articles in the news lately about this thing
>called "Code Red"...
>
>-----Original Message-----
>From: Holshouser, David [mailto:dholshou at ball.com]
>
>My brother called yesterday to inform me that the activity light has been
>solid for the last few days.
>I unshared all web content that might have been causing the activity (mp3).
>Everything seemed ok.
>This morning I got another call with the same message.
>_______________________________________________
>Web Page: http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG
mailing list