[lug] Code Rainbow: New attack, MUCH nastier...

D. Stimits stimits at idcomm.com
Tue Sep 18 11:26:17 MDT 2001


Sean Reifschneider wrote:
> 
> Starting at around 7am mountain time this morning (you know, exactly a week
> from last Tuesday at 9am eastern time) a new Code-Red-like worm has started
> pounding the heck out of the network.  It's interesting to note that there
> wasn't really a ramp-up time, at 7:20am or so mountain time we just
> suddenly started getting pounded on at around 40KB/sec.  Now, around 2.5
> hours later it's up to 60KB/sec.

I noticed. Tons of them (this requires operator overloading for
comparison between IP address and mass) are from 209.*.*.* IPs. It
appears that "sex0r lowd l33tn3ss" is taking credit.

> 
> They're calling it "Code Rainbow":
> 
>    http://www.newsbytes.com/news/01/170225.html
> 
> From my logs it looks like it's doing around 10 different attacks per
> attempt.  So, at the very least it's going to be an order of magnitude
> worse than Code Red.  But, since it's doing 10 different attacks, it's
> likely to be worse because it'll hit more machines.  Plus it looks like
> it's running a lot more aggressively, which will make it even worse.

It seems to be trying much harder...several machines are coming back
over and over.

D. Stimits, stimits at idcomm.com

> 
> Sean
> --
>  "I'll thrash you like a Netscape process on a machine with 640K."
>                  -- John Shipman, 1998
> Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


