i
kept the server off the network until the patches were installed, but this
traffic seems
to
originate from outside
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm-----Original Message-----
From: Luke Brumbaugh [mailto:[EMAIL PROTECTED]]
Sent: 24 August 2001 15:34
To: NT System Admin Issues
Subject: RE: Codered?Same here. If you use that coroporate.windowsupdate.microsoft.com you can drag to cd or spare drive on Computer, unplug from net and load OS. I did this and now I am fine.Read "Code Red Rant" message thread.http://www.sunbelt-software.com/ntsysadmin_list_charter.htm-----Original Message-----
From: Niki Blowfield [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 24, 2001 9:59 AM
To: NT System Admin Issues
Subject: Codered?HiI installed a Win2k Advanced server in a kind of test environment on a publicIP address last thing yesterday, and it appeared to pick up the codered wormovernight.i got an email from one admin, and an automated message from a websitei re-installed 2k serv and applied the IIS patches, I also applied the patches tomy 2 NT servers which have IIS4 running, albeit on a private subneti have since noticed LOTS of traffic coming in through our single ADSL connectioni can remove our Firewall from the ADSL router, so its connected only to the web,but the traffic continues on the router indicator lights, so it doesnt seem to beoriginating from our networkthe 2000 server is the only device on our network providing any kind of servicesto the internet, and that is currently offlinewe have no way of connecting to the router to check logs, but if I bring the 2000server online, and run netmon, i get constant entries like the following;SRC MAC Address - FLOW00......Dest MAC Address - LOCALProtocol - TCPSRC Other Address - 213.66.79.235Dest Other Address - WIN2KADVSERVType Other Add - IPdo we still have a problem? or are these other sites with the virus attempting tosend it to us?http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
Enterprise Channel Management Software for Manufacturers
Visit us at http://www.ultryx.com