Date: Tue, 18 Sep 2001 16:17:58 -0500 From: Eric_Stanfield@kenokozie.com To: freebsd-isp@FreeBSD.ORG Subject: Re: Code Red?! Message-ID: <OFFB70F3BC.75A1E6DC-ON86256ACB.0073FE26@kka.com>
next in thread | raw e-mail | index | archive | help
I find it interesting that everyone I've talked to today has logged the initial nimda attack within 30 seconds of the time you listed below (after adjusting for timezones). Conspiracy theories aside, given what's been happening with the terrorist activities in this country (usa) somebody needs to put a large sized gun to Microsoft's corporate head and demand a complete and thorough security review of their operating system and applications as well as the patches to fix what I'm sure would be a big list of discovered problems. Independent review of the process would also be nice heh. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Eric Stanfield, K2Access Keno Kozie Associates 222 N LaSalle #1500 Chicago, IL 60606 (312) 332-3000 Bill Vermillion <bill@wjv.com> To: "Gary D. Margiotta" <gary@tbe.net> Sent by: cc: Paul Boehmer <pboehmer@seidata.com>, freebsd-isp@FreeBSD.ORG owner-freebsd-isp@F Subject: Re: Code Red?! reeBSD.ORG 09/18/01 01:43 PM Please respond to bv On Tue, Sep 18, 2001 at 02:17:25PM -0400, Gary D. Margiotta thus sprach: > Will also concur that we've seen it in our mix of BSD and Sun, > Apache and NES/iPlanet servers. > I have heard reports of a 'resurgence' of the Code Red worm. I appears to be named the 'nimda' worm. On some of my very lightly trafficed sites 60% of the log entries are error messages from that, both in the access and error logs. The log shows 9:31:15AM EST. I'm getting about 300 entries per hour in both the access log and the error log - and these sites are relatively obscure but well connected. > In addition, we just got word from one of our offices that there > is another happy joy M$ Outlook-based e-mail attachement worm > which goes through the address book, spams everyone in it and > shares out the C: drive for unrestricted sharing. And totally off subject there is an InfoWorld columnist today who pointed out the FrontPage license prohibits it's use on any site that disparages, MS, MSNBC, Expedia, and a few others. With the worms and this maybe a few more will rethink these products. -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OFFB70F3BC.75A1E6DC-ON86256ACB.0073FE26>