I have more than usual on my DSL, but it is not bad.
But yeah, I see an increase from about the 26th.
At 11:47 AM 2/3/2002 -0800, you wrote:
>Is it just me, or has the usual level of noise generated by Code
>Red-infected servers gone *way* up in the last few days? My home dsl
>conn
Is it just me, or has the usual level of noise generated by Code
Red-infected servers gone *way* up in the last few days? My home dsl
connection is being inundated with attempts, and my server logs show a
steady increase beginning on the 28th, from the looks of it.
--Matt Robertson--
MSB
On 9/21/01, Ken Wilson penned:
> > I heard O'Reilly was being discontinued.
>
>
>http://www.deerfield.com/products/website/
Oh, cool! Deerfield seems to be a decent company. I use Serv-U, which
they developed and sold to CatSoft.
--
Bud Schneehagen - Tropical Web Creations
_/_/_/_/_/_/_/_/_/_/_/
On 9/21/01, Gary P. McNeel, Jr. penned:
>I heard O'Reilly was being discontinued. We have used it for years but it
>has hit a point where there was no development for a year or longer.
They have quit development, but it's still available and supported.
Version 3 came out at the beginning of this
I made the same suggestion earlier, just for Apache rather than Website.
I've never used IIS, ever. Used to use Netscape's server before Apache was
solid on win32...
> One thing I'm eternally grateful for is the advice to go with
> O'Reilly's Web Site and disable IIS. I've certainly gotten my 900
> Out of curiosity what elements do your applications require
> of IIS that
~~
Your ad could be here. Monies from ads go to support these lists and provide more
resources for the community. http://www.fusionauthority.com/ads.cfm
FAQ: http://www.th
> I heard O'Reilly was being discontinued.
http://www.deerfield.com/products/website/
Original Message-
> From: Kola Oyedeji [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 21, 2001 10:13 AM
> To: CF-Talk
> Subject: RE: Code Red backdoor triggered?
>
>
> Out of curiosity what elements do your applications require of IIS that
> O'Reilly may or may
4)020-8429-7300
> -Original Message-
> From: Bud [mailto:[EMAIL PROTECTED]]
> Sent: 21 September 2001 15:55
> To: CF-Talk
> Subject: RE: Code Red backdoor triggered?
>
>
> On 9/21/01, [EMAIL PROTECTED] penned:
> >Some of us are hosting applications that require I
ssage -
From: "Bud" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, September 21, 2001 11:04 AM
Subject: Re: Code Red backdoor triggered?
> On 9/21/01, tom muck penned:
> >Unfortunately, this virus can hit you just as easily. It also c
On 9/21/01, tom muck penned:
>Unfortunately, this virus can hit you just as easily. It also comes by
>email
I don't open e-mail on my servers.
> and by opening up a page in an infected site,
I don't surf the web from my servers.
> and also by accessing
>shared drives in a network.
Only if
OTECTED]]
> Sent: Friday, September 21, 2001 6:37 AM
> To: CF-Talk
> Subject: RE: RE: Code Red backdoor triggered?
>
>
> Our people who are supposed to be maintaining the server
> swear all patches
> were in place and we still got hit. Can you please tell me
> e
On 9/21/01, [EMAIL PROTECTED] penned:
>Some of us are hosting applications that require IIS.
That's why I added the blurb that I'd recommend O'Reilly to anyone
that's not already
dependent upon IIS or FP. I for one would rather turn down some
customers than put them and myself through the heada
The roll up patch that fixed Code Red was supposed to also apply to this one. This is
the only way we could have not gotten infected because it was trying to use the same
attack code red did on IIS. Now if you got infected via an email or through viewing
a webpage that had it, that was a
Our people who are supposed to be maintaining the server swear all patches
were in place and we still got hit. Can you please tell me exactly which
patch you are referring to? I don't manage the box, but I sure as hell
suffer if no one else does, either. I would like to follow up on this on
thi
Unfortunately, this virus can hit you just as easily. It also comes by
email and by opening up a page in an infected site, and also by accessing
shared drives in a network. In all, I think it comes in 16 different ways.
It's been called a cocktail of viruses.
tom
"Bud" <[EMAIL PROTECTED]> wrot
I had the patch and therefore was not infected by the worm this time. However it had
another attack where it made DOS type gets against what Code Red would have left. It
crippled our box for about 2 hours, but we found a fix that was not published
anywhere, but seemed so obvious when we
bject: RE: Code Red backdoor triggered?
One thing I'm eternally grateful for is the advice to go with
O'Reilly's Web Site and disable IIS. I've certainly gotten my 900
bucks worth in sleepful nights and time not spent cleaning up all
this crap and would heartily recommend
One thing I'm eternally grateful for is the advice to go with
O'Reilly's Web Site and disable IIS. I've certainly gotten my 900
bucks worth in sleepful nights and time not spent cleaning up all
this crap and would heartily recommend anyone that's not already
dependent upon those programs to sp
Software
Grant Thornton LLP
Washington, D. C.
703.837.4428
-Original Message-
From: Maureen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 8:42 PM
To: CF-Talk
Subject: RE: Code Red backdoor triggered?
At 05:36 PM 9/20/01 JoAnn A. Schlosser wrote:
>OK. We just found
At 05:36 PM 9/20/01 JoAnn A. Schlosser wrote:
>OK. We just found out that our backup tapes are infected, too. Has anyone
>found a way to clean this without a total reinstall? I am in the process of
>copying the site files themselves to clean separately. If I can avoid a
>total tear-down and re
world.
JoAnn A. Schlosser
Senior Consultant
Association Management Software
Grant Thornton LLP
Washington, D. C.
703.837.4428
-Original Message-
From: tom muck [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 7:01 PM
To: CF-Talk
Subject: Re: Code Red backdoor triggered?
M
McAfee didn't have a patch for it until about noon the day it came out. It
had already hit hard by then. They've since updated the DAT file 3 times,
each one better than the last.
tom
<[EMAIL PROTECTED]> wrote in message
news:11EDC356EC3AD311
Management Software
Grant Thornton LLP
Washington, D. C.
703.837.4428
-Original Message-
From: tom muck [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 6:46 PM
To: CF-Talk
Subject: Re: Code Red backdoor triggered?
Invest in a virus program and you can have it clean everything
nt Software
> Grant Thornton LLP
> Washington, D. C.
> 703.837.4428
>
>
>
> -Original Message-
> From: Frank Priest [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 5:16 PM
> To: CF-Talk
> Subject: RE: Code Red backdoor triggered?
>
>
>
. Schlosser
Senior Consultant
Association Management Software
Grant Thornton LLP
Washington, D. C.
703.837.4428
-Original Message-
From: Frank Priest [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 5:16 PM
To: CF-Talk
Subject: RE: Code Red backdoor triggered?
Thanks Robert
r control
until Norton had a fix out.
Frank
-Original Message-
From: Matt Robertson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 4:53 PM
To: CF-Talk
Subject: RE: Code Red backdoor triggered?
Frank,
According to CERT, you're out of luck. You're facing a
How are we fighting this!!! It is killing my server response times!!!
Thanks,
Robert
- Original Message -
From: "Bill Davidson" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 1:32 PM
Subject: Re: Code Red backdoo
Frank,
According to CERT, you're out of luck. You're facing a network disconnect and a
ground-up reinstall.
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
Naturally you should research this thoroughly before doing something like that.
Sorry for the downer.
---
<[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 10:37 AM
Subject: RE: Code Red backdoor triggered?
> even we're getting hammered with syn flood attacks.
>
> Rich Wild
>
> > -Original Message-
> > From: Dave Watts [mailto:[EMAIL PROTECTED]]
> >
*used* to get have
disappeared to be replaced by all of these blasted malformed requests for
cmd.exe. That tells me this is the old Code Red II morphing into something
new. Possibly a warhol-style worm has body-slammed all of the
previously-infected CR II boxes with some new task to accomplish?
Does anyone know what the Log signature for Apache is for this new
virus/worm?
Leon
-Original Message-
From: Kelly Matthews [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 10:54 AM
To: CF-Talk
Subject: RE: Code Red backdoor triggered?
I use black ice on my server. The
>>We have temporarily renamed cmd.exe
will that potential have any side effects? Guess I'll find out.
Eric Dawson
From: "Larry Juncker" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: CF-Talk <[EMAIL PROTECTED]>
Subject: RE: Code Red backdoor triggered
Internet Terrorism?
Rich
-Original Message-
From: Tristram Charnley [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 12:17 PM
To: CF-Talk
Subject: RE: Code Red backdoor triggered?
Yes we're getting hammered too - exactly the same requests
Tristram Cha
yep that's the one...
-Original Message-
From: Kola Oyedeji [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 12:01 PM
To: CF-Talk
Subject: RE: Code Red backdoor triggered?
This may or may not be relevant but I've just deleted an email from someone
I don't know
day, September 18, 2001 9:01 AM
> To: CF-Talk
> Subject: RE: Code Red backdoor triggered?
>
> This may or may not be relevant but I've just deleted an email from
> someone
> I don't know which I'm sure had a virus attached. It has an exe. file
> attached called re
608.270.9770
-Original Message-
From: webmaster [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 10:31 AM
To: CF-Talk
Subject: Re: Code Red backdoor triggered?
we're seeing a HUGE number of hits all containing :-
port=3641 probes and URL=/c/winnt/system32/cmd.exe attem
.
[EMAIL PROTECTED]
-Original Message-
From: Rich Wild [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 9:58 AM
To: CF-Talk
Subject: RE: Code Red backdoor triggered?
> Can you tell us Rich if it is impacting the servers ??
nah - filling up firewall but nothing else.
Are
I use black ice on my server. The code red used to come in as IIS system32
command
course since i was patched it did nothing, well today i have a PLETHORA of
attacks
all labeled EITHER HTTP UTF8 backlick and HTTP URL with double-encoded ..
My guess is it's a new worm we are getting SLAMME
Yes we're getting hammered too - exactly the same requests
Tristram Charnley
ldFusion 5 Developer
http://www.Alexandermark.com
(+44)020-8429-7300
> -Original Message-
> From: Rich Wild [mailto:[EMAIL PROTECTED]]
> Sent: 18 September 2001 15:58
> To: CF-Talk
> Subject: RE: Code Red backdoor triggered?
>
>
> > Can you tell us Rich if i
ay. From
the log files it appears to be a combination of Code Red II and the new
Code Blue/Code Red III or whatever it is called (the one that tries to
exploit the directory traversal bug). But it is not as bad as last time.
On the least busy segment it shows as a 10% traffic increase, but it
Yeah, eml is a email file...
Looks as though this is a new IIS hole...
-Original Message-
From: Carlisle, Eric [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 10:14 AM
To: CF-Talk
Subject: RE: Code Red backdoor triggered?
I'll show my ignorance.
A .eml file is a
we're seeing a HUGE number of hits all containing :-
port=3641 probes and URL=/c/winnt/system32/cmd.exe attempts and guess where
they're coming from ?
the exact same machines that routinely have been doing the code red thing.
Damn
Message -
From: "Paris Lundis" <
More on the .eml files.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
-Original Message-
From: Dave Watts
Sent: Tuesday, 18 September, 2001 11:25
To: '[EMAIL PROTECTED]'
Subject: RE: Code Red backdoor triggered?
>
we have loads of *.eml files, but they're just bad emails from the
mailspool, nothing to worry about.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 18 September 2001 17:02
> To: CF-Talk
> Subject: RE: Code Red backdoor triggere
ssage-
> From: Paris Lundis [mailto:[EMAIL PROTECTED]]
> Sent: 18 September 2001 16:03
> To: CF-Talk
> Subject: RE: Code Red backdoor triggered?
>
>
> Uggh! not the code-red variations again...
>
> Can you tell us Rich if it is impacting the servers ?? Are you
>
-Talk
Subject: RE: Code Red backdoor triggered?
even we're getting hammered with syn flood attacks.
Rich Wild
> -Original Message-
> From: Dave Watts [mailto:[EMAIL PROTECTED]]
> Sent: 18 September 2001 15:52
> To: CF-Talk
> Subject: FW: Code Red backdoor triggered?
>
I'll show my ignorance.
A .eml file is a kind of MS spool file, right?
Does the virus pose as one of these files?
EC
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 12:02 PM
To: CF-Talk
Subject: RE: Code Red bac
Check for *.eml files on your IIS boxes, we got them everywhere...and our
virus software is not picking anything up at all...
-Original Message-
From: Rich Wild [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 9:37 AM
To: CF-Talk
Subject: RE: Code Red backdoor triggered
Uggh! not the code-red variations again...
Can you tell us Rich if it is impacting the servers ?? Are you
patched, and does this thing use something new or is it the same
exploit as before...
Seems like it is becoming a net-30 terror :)
-paris
[finding the future in the past, passing the
even we're getting hammered with syn flood attacks.
Rich Wild
> -Original Message-
> From: Dave Watts [mailto:[EMAIL PROTECTED]]
> Sent: 18 September 2001 15:52
> To: CF-Talk
> Subject: FW: Code Red backdoor triggered?
>
>
> It seems there may be some u
PROTECTED]
Subject: RE: Code Red backdoor triggered?
> Heads up. Pay attention to your servers today. I just
> started detecting a *ton* of these requests. I think it's
> a follow-up worm programmed to take advantage of the
> backdoors Code Red dropped on infected computers. M
> > looks like all the other code red
> > entries I have but it is 1.78 megs of "code" can anyone tell me what this is?
> > should I be worried about being
> > infected? I was informed that only iis was susceptible to the worm but I have
> > been monitoring my s
On [DATE], [NAME], [ADDRESS] wrote:
> I just looked again in my apache logs and I found an interesting entry. It
> looks like all the other code red
> entries I have but it is 1.78 megs of "code" can anyone tell me what this is?
> should I be worried about b
Freddy wrote:
> I just looked again in my apache logs and I found an interesting entry. It looks
>like all the other code red
> entries I have but it is 1.78 megs of "code" can anyone tell me what this is?
An attempt to infect you with code red {serial number goes here}.
>
I just looked again in my apache logs and I found an interesting entry. It looks like
all the other code red
entries I have but it is 1.78 megs of "code" can anyone tell me what this is? should I
be worried about being
infected? I was informed that only iis was susceptible to the
e: Mon, 13 Aug 2001 15:26:14 -0400
Subject: RE: Total Fix For Code Red
> > Yes, but if they don't know they have code red and their machine
> > is unpatched, I would imagine the admin is some home user that
> > got a cd from of nt server and doesn't have a clue how to
> Yes, but if they don't know they have code red and their machine
> is unpatched, I would imagine the admin is some home user that
> got a cd from of nt server and doesn't have a clue how to properly
> configure and secure their box. So for the people that are still
I tried a few addresses using net send and they all failed.
> > With a net send you only need the ip address and it will
> > pop-up an alert box on the infected machine, no reverse dns,
> > no guessing admin emails. The only thing is that someone has
> > to look at the screen to see the message.
R1...
> Yes, but if they don't know they have code red and their machine is
> unpatched, I would imagine the admin is some home user that got a cd from of
> nt server and doesn't have a clue how to properly configure and secure their
> box. So for the people that are still i
Yes, but if they don't know they have code red and their machine is
unpatched, I would imagine the admin is some home user that got a cd from of
nt server and doesn't have a clue how to properly configure and secure their
box. So for the people that are still infected they have eve
On 8/13/01, Richard Kuryk penned:
>With a net send you only need the ip address and it will pop-up an alert box
>on the infected machine, no reverse dns, no guessing admin emails. The only
>thing is that someone has to look at the screen to see the message.
What's the syntax? I get an error that
> Yeah, but 99% of the time you're just going to get an ISP on a
> reverse lookup. You certainly aren't going to get any help from
> them finding out who was assigned that IP address at that time
> (if dynamic) or who is assigned it permanently (if static).
That's correct, for dialup/cable-mod
On 8/13/01, Dave Watts penned:
> > How would you get contact information from an IP address to
>> notify someone?
>
>You can do a reverse DNS lookup, then find out who's responsible for that
>name. Obviously, this won't always work.
Yeah, but 99% of the time you're just going to get an ISP on a
> With a net send you only need the ip address and it will
> pop-up an alert box on the infected machine, no reverse dns,
> no guessing admin emails. The only thing is that someone has
> to look at the screen to see the message.
This assumes a couple of things. First, that the target machine i
> Sent: Monday, August 13, 2001 12:20 PM
> To: CF-Talk
> Subject: RE: Total Fix For Code Red
>
>
> On 8/13/01, Dave Watts penned:
> >There would be no harm in notifying someone that his
> computer has been
> >compromised; in fact, I know quite a few people who ar
> How would you get contact information from an IP address to
> notify someone?
You can do a reverse DNS lookup, then find out who's responsible for that
name. Obviously, this won't always work.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
On 8/13/01, Dave Watts penned:
>There would be no harm in notifying someone that his computer has been
>compromised; in fact, I know quite a few people who are doing that. I'd be
>reluctant to build something that could do the installation itself, though -
>that's asking for trouble.
How would yo
same as the
original as the code red worm.
As an everyday Web dude:
Interesting idea. Fight a worm with a worm. Maybe a foreshadowing of the
future? Every virus/worm should have a worm-cure that lives on line.
Summary:
Good idea but, I would avoid writing anything of the type even with the best
as an afterthought since the
original question included fixing the problem for the attacker.
Hatton
> -Original Message-
> From: Andrew Tyrone [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 13, 2001 11:27 AM
> To: CF-Talk
> Subject: RE: Total Fix For Code Red
>
>
>
> > > Or is this totally unethical - love to hear your thoughts
> >
> > I think that it would be wrong to compromise someone else's
> > system, even for ostensibly good goals.
>
> Agreed, but what would be the harm of generating an email to
> webmaster@..., admin@, and support@... with a lin
y [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 13, 2001 11:26 AM
> To: CF-Talk
> Subject: RE: Total Fix For Code Red
>
>
> > > Or is this totally unethical - love to hear your thoughts
> >
> > I think that it would be wrong to compromise someone else'
> > Or is this totally unethical - love to hear your thoughts
>
> I think that it would be wrong to compromise someone else's
> system, even for ostensibly good goals.
Agreed, but what would be the harm of generating an email to webmaster@...,
admin@, and support@... with a link to the patch
Instead of cfhttp do a "net send xxx.xxx.xxx.xxx "Your machine is infected
with code red".
Rich
> -Original Message-
> From: Dave Watts [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 13, 2001 11:15 AM
> To: CF-Talk
> Subject: RE: Total Fix For Code Red
ess of the system trying to do the exploit.
>
> c) having grabbed the address do a cfhttp back to that
> address using the backdoor created in code red V3 to disable
> ( or maybe fix ) that system. I was going to attach the code
> to do it but..
>
> Or is this
63
--
http://www.neighborware.com
America's Leading Community Network Software
> -Original Message-
> From: Mark W. Breneman [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 10, 2001 12:51 PM
> To: CF-Talk
> Subject: RE: OT (maybe) : Code Red -email the server admins
>
>
>
) : Code Red
Anyone know whether the exploit being used by code red could be used to
launch a counter exploit on the infected system that patches the machine
:-).
Justin
-Original Message-
From: webmaster [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 9:54 PM
To: CF-Talk
Subject
> Anyone know whether the exploit being used by code red could be used
> to launch a counter exploit on the infected system that patches the
> machine :-).
Uh, you could do that, but I wouldn't recommend it, nor is this the
appropriate place to debate the use of "frien
> Anyone know whether the exploit being used by code red could
> be used to
> launch a counter exploit on the infected system that patches
> the machine
> :-).
You should go fishing with a can of worms like that :-)
Anyone know whether the exploit being used by code red could be used to
launch a counter exploit on the infected system that patches the machine
:-).
Justin
-Original Message-
From: webmaster [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 9:54 PM
To: CF-Talk
Subject: OT
thing anatomically
impossible to myself.. Ho Hum.
I just wonder how much bandwidth/resource loss we all suffer from this
damned worm.
- Original Message -
From: "Thomas Chiverton" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, August 08, 2001 4
Thomas Chiverton wrote:
>
> But seriously - you think if they're *still* not patched they'll care about
> you sending them an email ?
That is exactly why you should go for the ARIN/RIPE/APNIC solution and
inform their upstream provider. Every AUP I know has some provision that
gives upstream p
> Any suggestions ?
snort, perl, /bin/mail :-)
But seriously - you think if they're *still* not patched they'll care about
you sending them an email ?
webmaster wrote:
> I don't know about the rest of you who host web sites, but we're still getting
>slammed with Code Red attempts - it's been even worse since the variant came out on
>Saturday.
>
> I was wondering if anyone had worked out a way to
I don't know about the rest of you who host web sites, but we're still getting slammed
with Code Red attempts - it's been even worse since the variant came out on Saturday.
I was wondering if anyone had worked out a way to automatically notify the site
administrators ?
When
I know this is slightly off topic, but since most people are running CF
Server on top of WinNT or Win2000, it's highly relevant.
CERT believes that "Code Red is likely to start spreading again on July
31, 2001, 8:00 PM EDT and has mutated so that it may be even more
dangerous. "
]]On Behalf Of Marc Maiffret
> Sent: Friday, July 20, 2001 7:28 PM
> To: [EMAIL PROTECTED]
> Subject: Tool released to scan for possible CodeRed infected servers
>
>
> In an effort to help administrators find all systems within their network
> that are vulnerable to the .ida buffe
-
From: <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 8:02 PM
Subject: Re: IIS and the Code Red Worm
OK ... two hours passed since installing the microsoft patch found at:
http://www.microsoft.com/technet/security/bulletin/MS01-033.as
Thanks John,
I knew they were there somewhere just couldn't find them.
Jeff
- Original Message -
From: "John Fix 3rd" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 6:58 PM
Subject: RE: IIS and the Code Red Wor
OK ... two hours passed since installing the microsoft patch found at:
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
for the affected NT 4.0 IIS 4 server and the web publishing service is still
up and running.
I did not unmap any extension or any other action except to install
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 19, 2001 8:02 PM
> To: CF-Talk
> Subject: Re: IIS and the Code Red Worm
>
>
> OK. I have slept since I unmapped the .htr extension. I think
> that was on NT 4. Now I do
've been there before but I haven't been able to unearth them again.
Jeff Craig
- Original Message -
From: "Kelly Matthews" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 4:57 PM
Subject: RE: IIS and the Code Red W
Black ICE sees it but does NOT block it (even server edition), even though
it is considered a "serious" attack by the program. I wish Network ICE
would include blocking by attack, instead of just by IP (since the Code Red
worm comes from a different IP each time).
Sorry it's
yes but download the patch to be safe
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
-Original Message-
From: admin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 19, 2001 5:17 PM
To: CF-Talk
Subject: Re: IIS and the Code Red Worm
at least blackice is seeing it and
at least blackice is seeing it and "hopefully" stopping it
Richard
- Original Message -
From: "Daryl Fullerton" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 19, 2001 12:27 PM
Subject: IIS and the Code Red Worm
>
Hi guys thought you all should be made aware of this. Most of you
probably do know.
But just in case you are encountering server trouble on IIS 4
The code red worm is causing havoc with IIS and stopping IIS 4
see below
Cheers
D
Thanks -- that's what I was afraid of.
We h
ty Network Software
> -Original Message-
> From: Windows NTBugtraq Mailing List
> [mailto:[EMAIL PROTECTED]]On Behalf Of Marc Maiffret
> Sent: Thursday, July 19, 2001 1:43 AM
> To: [EMAIL PROTECTED]
> Subject: Full analysis of the .ida "Code Red" worm.
>
>
>
itial analysis of the .ida "Code Red" Worm
The following information was researched by Ryan Permeh ([EMAIL PROTECTED]
and Marc Maiffret ([EMAIL PROTECTED] of eEye Digital Security. We would like
to specially thank Matthew Asham of Left Coast Systems Corp and Ken
Eichman of Chemical Abstra
PROTECTED]
Subject: Initial analysis of the .ida "Code Red" Worm
The following information was researched by Ryan Permeh ([EMAIL PROTECTED] and
Marc Maiffret ([EMAIL PROTECTED] of eEye Digital Security.
We would like to specially thank Matthew Asham of Left Coast Systems Corp
and Ken