Security Incidents mailing list archives
RE: Code Red, anyone?
From: "Coen Bongers" <CoB () Kikke Net>
Date: Wed, 1 Aug 2001 12:56:43 +0200
Hi all,

I'm starting to see the first infection attempts to systems on the cable modem netblock on my snort IDS at home. (Funny, I can see all the traffic in my neighbourhood on my cable modem connection, is that normal?) ;-)

Some relative info:
Snort 1.7 with standard rules, and the CodeRed additional rules.

                                                   Source               Dest
#0-(6-107) CodeRed Defacement 2001-08-01 09:44:58  211.205.83.13:2008   212.xxx.xxx.xxx:80  TCP
#1-(6-131) CodeRed Defacement 2001-08-01 11:17:50  211.41.180.163:2566  212.xxx.xxx.yyy:80  TCP

Time is in GMT +1, and as far as I can tell the sources are two closely related Korean hosts.

And a quick scan with the eEye CodeRed scanner (Thank you guys!!) is telling me that both servers are to be considered vulnerable.

Is it starting, or am I just (un)lucky to see a couple???

take care,

Coen Bongers
Senior Network Engineer
Mobile: 06-2001 7443
E-mail: CoB () Kikke net

-----Original Message-----
From: Alfred Huger [mailto:ah () securityfocus com]
Sent: Wednesday 1 August 2001 3:31
To: incidents () securityfocus com
Subject: Code Red, anyone?

I realize that most of you have taken shelter and are awaiting the impending demise of the Internet as we know it. However, for those of you stalwart bastions of courage who are still manning the ship in the face of this clear and present danger, I have a question.

Anyone seeing Code Red activity yet? I just took a poll through our sensors in ARIS and see almost no activity, at least none worth commenting on. Anyone else?

VP Engineering
SecurityFocus.com
"Vae Victis"

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com