Bugtraq mailing list archives
Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm.
From: Jerome Alet <alet () unice fr>
Date: Fri, 20 Jul 2001 10:00:42 +0200 (MET DST)
On Fri, 20 Jul 2001, Nick FitzGerald wrote:
No -- it is "constrained" because it has reached the *UTC date* (not time as initially reported) when it is programmed to switch from "spread like crazy" mode to "DoS one of the IPs that was part of www.whitehouse.gov" mode. In about ten days it will flick back to the "spread like crazy" mode.
I've just done a quick check of my Apache logs, we have something like 20 virtual hosts each with a different IP address but in the same block, and while all the others have only received something like 20 attacks, one of them has received more than 3500, coming from 2150 different hosts. FYI I've split attacks by top level domains, when the IP was resolvable, and it gives: net : 447 com : 377 edu : 70 jp : 65 tw : 39 de : 27 fr : 25 ca : 25 nl : 22 es : 18 uk : 17 se : 17 it : 15 dk : 15 at : 12 gr : 10 cn : 10 ch : 10 be : 10 ru : 9 us : 8 no : 8 fi : 8 cz : 8 au : 8 pl : 7 org : 7 br : 5 za : 3 si : 3 is : 3 hu : 3 hr : 3 cl : 3 cc : 3 arp : 3 ua : 2 pt : 2 nz : 2 nu : 2 mx : 2 kr : 2 ie : 2 hk : 2 tr : 1 th : 1 sg : 1 mil : 1 int : 1 il : 1 bn : 1 bg : 1 ar : 1 the remaining is unresolvable, this was the majority. Jerome Alet - alet () unice fr - http://cortex.unice.fr/~jerome Fac de Medecine de Nice http://wwwmed.unice.fr Tel: (+33) 4 93 37 76 30 Fax: (+33) 4 93 53 15 15 28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE
Current thread:
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- <Possible follow-ups>
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Nick FitzGerald (Jul 19)
- Oracle Vulnerability Discovered in OID Aaron C. Newman (Jul 20)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Jerome Alet (Jul 20)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Nick FitzGerald (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Tony Langdon (Jul 19)
- Re: [BUGTRAQ] Full analysis of the .ida "Code Red" worm. Vern Paxson (Jul 20)