[lug] Code Red II and AT&T "security" response
Calvin Dodge
caldodge at fpcc.net
Thu Aug 9 12:34:16 MDT 2001
I just did a quick check of Mom's server log (on an AT&T @Home-connected Linux box).
So far today there have been 433 "Code Red" probes. There would have been more if @Home hadn't been down for almost an hour this morning.
Of those 433 probes:
238 are from the address range 24.178.x.x (all local @Home, I believe)
181 are from the address range 24.x.x.x (all cable modems, I believe)
14 are from addresses outside the 24.x.x.x range.
So - if AT&T thinks they'll cure the Code Red epidemic by simply cutting off outside requests to port 80 inside the network, they're very much mistaken. And, of course, it won't stop @Home infected systems from trying to infect outsiders.
BTW - some time ago I mentioned that some Microsoft Windows Update servers had been infected - and someone on this list said (I assume in disbelief) "show me an authoritative source for that story".
Well, I don't have such a source (though one could probably be found through a Google search) - but - if you accept IDG as "authoritative" - that very fate HAS befallen some Hotmail servers (also run by Microsoft). Check out http://www.idg.net/go.cgi?id=527853 for the story.
Calvin
--
Calvin Dodge
Certified Linux Bigot (tm)
http://www.caldodge.fpcc.net
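Added example, not part of the original post: one way to produce the kind of per-range probe tally described above from a web server access log. It assumes Apache common log format and the well-known Code Red request for /default.ida padded with N (original worm) or X (Code Red II); the sample lines, the bucket labels and the names `classify` and `SAMPLE` are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: Apache common/combined log format. A probe is a GET for
# /default.ida whose query string starts with a long run of 'N' or 'X'.
PROBE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /default\.ida\?([NX])\2{20,}')

# Buckets follow the post's breakdown; first match wins, so order matters.
BUCKETS = [
    ("24.178.x.x", ip_network("24.178.0.0/16")),
    ("other 24.x.x.x", ip_network("24.0.0.0/8")),
]

def classify(lines):
    """Count Code Red probes per source range and per worm variant."""
    by_range, by_variant = Counter(), Counter()
    for line in lines:
        m = PROBE.match(line)
        if not m:
            continue  # ordinary traffic
        try:
            src = ip_address(m.group(1))
        except ValueError:  # hostname lookups enabled, or a malformed field
            by_range["unresolved"] += 1
        else:
            label = next((n for n, net in BUCKETS if src in net), "outside 24.x.x.x")
            by_range[label] += 1
        by_variant["Code Red II" if m.group(2) == "X" else "Code Red"] += 1
    return by_range, by_variant

def _line(host, path):
    return f'{host} - - [09/Aug/2001:12:00:00 -0600] "GET {path} HTTP/1.0" 404 205'

# Constructed sample log lines (padding only, worm payload omitted).
SAMPLE = [
    _line("24.178.10.5", "/default.ida?" + "X" * 224),
    _line("24.178.200.9", "/default.ida?" + "X" * 224),
    _line("24.12.34.56", "/default.ida?" + "X" * 224),
    _line("24.250.1.1", "/default.ida?" + "N" * 224),
    _line("198.51.100.7", "/default.ida?" + "X" * 224),
    _line("cable-host.example", "/default.ida?" + "N" * 224),
    _line("24.178.3.3", "/index.html"),
]

if __name__ == "__main__":
    ranges, variants = classify(SAMPLE)
    for label, count in ranges.most_common():
        print(f"{count:5d}  {label}")
    print(dict(variants))
```

A high share of probes in the first two buckets is what shows that filtering port 80 only at the network edge leaves most of the traffic untouched.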