Nmap on Linux.
"Blake R.
Fowkes" To: "NT System Admin Issues"
<BFowkes@WAID <[EMAIL PROTECTED]>
.com> cc:
Subject: RE: New Worm on the loose
08/29/2001
02:53 PM
Please
respond to
"NT System
Admin Issues"
What are you using now for your port scans?
Thanks,
Blake Fowkes
Waid and Associates
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 4:48 PM
To: NT System Admin Issues
Subject: RE: New Worm on the loose
Someone may have carried a code red infected laptop into your office and
plugged into your lan. That's what happened to us and we found a total
of 6 machines infected shortly after that. We have Norton Corp Edition
on all machines so I saw it as it happened. We thought we were safe
because we didnt have any IIS servers with public IP addresses. Then we
found out that we had some IIS that we didnt know about. Some thorough
port scans also revealed a machine with an unauthorized remote control
program, as well as some other machines that also had IIS but didnt get
infected because we got the infected machines unplugged pretty quick. So
now I'm going to do regular port scans to look for such problems. I'm
trying to get the bucks to buy Sniffer Pro licenses so I can leave the
sniffer running all the time and have it send an snmp trap to the
monitoring console if it sees any of these alerted ports where they
shouldnt be. I also have a project underway to automatically update all
the Win2k machines when a hotfix is released. When we were running all
Win95 and 98, we didnt really pay much attention to patching. Now it's
mandatory.
<ntsysadmin@geeksa
twork.com> To: "NT System Admin
Issues"
Sent by: "Gavin
<[EMAIL PROTECTED]>
Landon" cc:
<glandon@geeksatwo Subject: RE: New Worm on
the loose
rk.com>
08/29/2001 02:11
PM
Please respond to
"NT System Admin
Issues"
Talking about worms, you guys want to hear something real funny. We have
a
SQL server that we didn't know a previous employee had put IIS5 on it. So
we got hit by the code red virus. (there are no domains so we are unknowing
how the hell codered found it!)
Anyway one day I logged into SQL and up popped a dialog that say this:
=================================================================
Message from "Apache User" to MachineName on 8/15/2001 1:55:45 PM
******* Virus Alert *******
=> Your computer is infected with the Code Red worm! <=
(You are getting this message because your machine has tried to infect
mine)
For Instructions of how to remove the worm follow this URL:
http://www.microsoft.com/technet/itsolutions/security/topics/codeptch.asp
Perhaps you want to install the Apache web server instead of IIS?
http://www.apache.org
=================================================================
Yea, Unix had to put in their two cents!!!
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
