Re: Large ISP response to Code Red?

[Blake Frantz <blake () mc net>]

> Anything in particular that you have in mind for an SP to do 'to prevent
an
> even worse reinfection phase' which is specific to Code Red?  It's
probably 

I downloaded the RedCode Scanner from eEye at
http://www.eeye.com/html/Research/Tools/codered.html 
 
scanned our IP space (dial-ups included), contacted (by phone) the admins of
the vulnerable servers, and emailed them the step by step instruction on how
to patch their servers (which can be found here) :
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutio
ns/security/topics/codeptch.asp

Additionally, rules have been added to our IDS to detect RedCode activity.

Blake Frantz  A+, CNA, CCNA, MCSE
Network Security Analyst
mc.net
720 Industrial Drive #121
Cary, IL 60013
phn: (847)-594-5111 x5734
fax: (847)-639-0097
mailto:blake () mc net
http://www.mc.net


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com