Date:      Tue, 18 Sep 2001 16:17:58 -0500
From:      Eric_Stanfield@kenokozie.com
To:        freebsd-isp@FreeBSD.ORG
Subject:   Re: Code Red?!
Message-ID:  <OFFB70F3BC.75A1E6DC-ON86256ACB.0073FE26@kka.com>


I find it interesting that everyone I've talked to today has logged the
initial nimda attack within 30 seconds of the time you listed below (after
adjusting for timezones).  Conspiracy theories aside, given what's been
happening with the terrorist activities in this country (usa) somebody
needs to put a large sized gun to Microsoft's corporate head and demand a
complete and thorough security review of their operating system and
applications as well as the patches to fix what I'm sure would be a big
list of discovered problems.  Independent review of the process would also
be nice heh.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Eric Stanfield, K2Access
Keno Kozie Associates
222 N LaSalle #1500
Chicago, IL 60606
(312) 332-3000




                                                                                                                         
From:      Bill Vermillion <bill@wjv.com>
Sent by:   owner-freebsd-isp@FreeBSD.ORG
Date:      09/18/01 01:43 PM
Please respond to bv
To:        "Gary D. Margiotta" <gary@tbe.net>
cc:        Paul Boehmer <pboehmer@seidata.com>, freebsd-isp@FreeBSD.ORG
Subject:   Re: Code Red?!



On Tue, Sep 18, 2001 at 02:17:25PM -0400, Gary D. Margiotta thus
sprach:

> Will also concur that we've seen it in our mix of BSD and Sun,
> Apache and NES/iPlanet servers.

> I have heard reports of a 'resurgence' of the Code Red worm.

It appears to be named the 'nimda' worm.  On some of my very lightly
trafficked sites 60% of the log entries are error messages from
that, both in the access and error logs.  The log shows
9:31:15AM EST.

I'm getting about 300 entries per hour in both the access log and
the error log - and these sites are relatively obscure but well
connected.

> In addition, we just got word from one of our offices that there
> is another happy joy M$ Outlook-based e-mail attachment worm
> which goes through the address book, spams everyone in it and
> shares out the C: drive for unrestricted sharing.

And totally off subject there is an InfoWorld columnist today
who pointed out the FrontPage license prohibits its use on any
site that disparages MS, MSNBC, Expedia, and a few others.  With
the worms and this maybe a few more will rethink these products.
--
Bill Vermillion -   bv @ wjv . com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message








