[lug] Code Rainbow: New attack, MUCH nastier...
Scott A. Herod
herod at interact-tv.com
Tue Sep 18 11:28:48 MDT 2001
Is this really new? I've been watching attempts to get into my firewalled
port 80 continuously since Aug. 1. I noticed at the end of last week I'd
had a repetition of 15 or 16 queries from one host. Perhaps that was
just CodeRed getting lucky. Traffic is definitely up today, though.
Scott
Sean Reifschneider wrote:
>
> Starting at around 7am mountain time this morning (you know, exactly a week
> from last Tuesday at 9am eastern time) a new Code-Red-like worm has started
> pounding the heck out of the network. It's interesting to note that there
> wasn't really a ramp-up time, at 7:20am or so mountain time we just
> suddenly started getting pounded on at around 40KB/sec. Now, around 2.5
> hours later it's up to 60KB/sec.
>
> They're calling it "Code Rainbow":
>
> http://www.newsbytes.com/news/01/170225.html
>
> From my logs it looks like it's doing around 10 different attacks per
> attempt. So, at the very least it's going to be an order of magnitude
> worse than Code Red. But, since it's doing 10 different attacks, it's
> likely to be worse because it'll hit more machines. Plus it looks like
> it's running a lot more aggressively, which will make it even worse.
>
> Sean