In message <[EMAIL PROTECTED]>, Bobby Krupczak writes:
>Hi!
>
>>Well, folks, my packet suckers have shown a Code Red II attack from a 
>>machine on the IETF meeting net.  It's 217.33.140.38 -- if you have 
>>that address, you need to disinfect and patch your machine.  For the 
>>rest of you, be careful...
>
>Do you always snoop on traffic at IETFs?
>


I'm running a monitor to detect what folks are sending to *my* 
machine:


Tue Aug  7 13:28:59 2001        tcpsuck www(80)
TCP message from host host217-33-140-38.ietf.ignite.net (217.33.140.38): port 3446

128 bytes received
    0:   47455420 2f646566 61756c74 2e696461   GET /default.ida
   16:   3f585858 58585858 58585858 58585858   ?XXXXXXXXXXXXXXX
   32:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   48:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   64:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   80:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   96:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
  112:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX



(The monitor is truncating at 128 bytes, by intent.)

                --Steve Bellovin, http://www.research.att.com/~smb
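
Added example, not part of the original message or of the monitor shown in it: a short Python sketch that rebuilds the bytes from a dump in the layout above and flags a GET for /default.ida whose query string opens with a long run of one repeated byte. The function names and the 16-byte threshold are assumptions; the sample input is the first three lines of the dump above.

```python
import re

# First three lines of the dump from the message above, in the monitor's layout:
# decimal offset, four 4-byte hex words, ASCII rendering.
DUMP = """\
    0:   47455420 2f646566 61756c74 2e696461   GET /default.ida
   16:   3f585858 58585858 58585858 58585858   ?XXXXXXXXXXXXXXX
   32:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
"""

# Offset, then up to four whole 8-hex-digit words; the ASCII column is ignored.
# Assumes every line holds whole 4-byte words, as in the dump above.
LINE = re.compile(r"^\s*(\d+):\s+((?:[0-9a-fA-F]{8}\s+){1,4})")

# Request line prefix followed by one byte and its immediate repeats.
REQ = re.compile(rb"^GET /default\.ida\?(.)(\1*)", re.S)


def parse_dump(text):
    """Rebuild the captured bytes from the hex columns of the dump."""
    data = bytearray()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank lines, headers, anything that is not a dump row
        offset = int(m.group(1))
        if offset != len(data):
            raise ValueError(f"gap in dump at offset {offset}")
        data += bytes.fromhex("".join(m.group(2).split()))
    return bytes(data)


def ida_filler(payload, min_run=16):
    """Return (filler_byte, run_length) when payload is a GET for /default.ida
    whose query starts with at least min_run copies of one byte, else None.
    Works on a truncated capture: only the start of the request is needed."""
    m = REQ.match(payload)
    if not m:
        return None
    run = 1 + len(m.group(2))
    return (m.group(1), run) if run >= min_run else None


if __name__ == "__main__":
    print(ida_filler(parse_dump(DUMP)))
```
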

