the variant was code red II. but is there a way to trace it from where it
was
started. any tool you guys may know of for us to trace it from the root.
Don Balunos
Analog Devices Inc.
vox (781) 461-3040
fax (781) 461-4476
email [EMAIL PROTECTED]
-----Original Message-----
From: Kevin Saenz [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 10, 2001 8:44 PM
To: Balunos, Don
Subject: RE: Default.ida requests
you are infected by code red. the only way you can irradicate it is that I
know of
is rebuilding the machine and patch the server with latest update patches.
then release it on to the internet.
Also check with symantac.com/avcenter
-----Original Message-----
From: Balunos, Don [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 11 September 2001 4:24 AM
To: Marc Richter; Andrew Blevins
Cc: [EMAIL PROTECTED]
Subject: RE: Default.ida requests
So, if I'm seeing it from some of my box inside my network therefore
they are infected if so, can you guys help me out where can i source out
some
utility tools for us to check in box remotely. Thanks.
Regards,
Don Balunos
Analog Devices Inc.
vox (781) 461-3040
fax (781) 461-4476
email [EMAIL PROTECTED]
-----Original Message-----
From: Marc Richter [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 18, 2001 8:52 AM
To: Andrew Blevins
Cc: [EMAIL PROTECTED]
Subject: Re: Default.ida requests
On Fri, Aug 17, 2001 at 03:15:45PM -0700, Andrew Blevins wrote:
> If I am seeing alot of default.ida requests to a box, is that indicative
of
> Code Red on the requestor?
Oh yes, it is !
--Marc
