From owner-freebsd-questions  Tue Aug  7 18:12:11 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from pogo.caustic.org (caustic.org [64.163.147.186])
	by hub.freebsd.org (Postfix) with ESMTP id 9519937B40C
	for <freebsd-questions@FreeBSD.ORG>; Tue,  7 Aug 2001 18:12:06 -0700 (PDT)
	(envelope-from jan@caustic.org)
Received: from localhost (jan@localhost)
	by pogo.caustic.org (8.11.0/ignatz) with ESMTP id f781Bvm30817;
	Tue, 7 Aug 2001 18:11:57 -0700 (PDT)
Date: Tue, 7 Aug 2001 18:11:57 -0700 (PDT)
From: "f.johan.beisser" <jan@caustic.org>
To: User & Ian Patrick Thomas <ipthomas_77@yahoo.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Is this what the Code Red II worm does?
In-Reply-To: <20010807165527.A17579@localhost>
Message-ID: <Pine.BSF.4.21.0108071807070.5567-100000@pogo.caustic.org>
X-Ignore: This statement isn't supposed to be read by you
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, 7 Aug 2001, User & Ian Patrick Thomas wrote:

> 	I am the network, it's just my one box.  Although I do use a cable
> connection so maybe some of the other people in my area could also be
> considered part of the network.  I am not currently running apache or any
> other web server yet.:(  It seems that maybe some of the users in my area
> have gotten infected by the worm.

recent analysis of the CodeRedII IIS worm seems to indicate that it's
spreading fairly heavily on cable modem systems. Specifically windows 2000
installations that haven't been very well locked down.

remember, that the CodeRedII worm is a bit more efficiant in scanning the
network near itself, more so than CodeRed v1 and v2.

there's a few threads on this subject on bugtraq and incidents. both are
archived, and easily subscribed to from http://www.securityfocus.com. 

-- jan


 
-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
   "if my thought-dreams could be seen..
       "they'd probably put my head in a gillotine"
	     -- Bob Dylan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message