Re: OT: RE: what does this mean

[Phil Wood <cpw () lanl gov>]

I remember the Morris worm.  First there was email from those much more
capable than I about first indications and what to look for.  Just like
now a days.  Since, 'cat' was involved in a sendmail subject line (or something
like that), I made a new cat out of 'tee' and sent the results to our vax/bsd
system's (/router connected to our MILNET/ARPANET IMP) teletype console.

So, by around noon I had some interesting stuff, along with a bunch of phone
calls from scientists wondering why their systems were soo slooow.

At that time (November 88), I'd never seen anything like it.  And, I'd
say that if it wasn't for the bug in the worm code which was supposed to
cause it to die if a copy was already running, it would still be running
today.  %^)

Later,

On Fri, Apr 05, 2002 at 05:54:38PM -0500, Matt Kettler wrote:
> (completely off topic, and intended to be taken as humorous)
>
> Hmm, the oldest worm known to modern man is nimda or code red? Wow, modern 
> man must have a very limited long-term memory. Then again, a shocking 
> number of modern men can't correctly point to the approximate location of 
> Washington DC on an unlabeled image of the United States. I'd bet even some 
> of those living in Washington DC can't do so (Possibly even some in elected 
> office there.... that's a scary thought that is hopefully less likely to be 
> true than I think it is....)
>
> Since I remember the Morris worm being mentioned in the news does this make 
> me a "historic" man? Damn, and I'm not even that old yet.
>
> http://www.cert.org/nav/aboutcert.html
>
>
>
> At 04:30 PM 4/5/2002 -0500, McCammon, Keith wrote:
> > I'm going to exercise restraint here.  This is the oldest worm known to
> > modern man.
> >
> > 1) Subscribe to CERT, or Microsoft, or something...anything.
> > 2) See these:
> >
> > <http://www.cert.org/advisories/CA-2001-26.html>
> >
> > <http://www.cert.org/advisories/CA-2001-23.html>
> >
> > <http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/secu
> > rity/topics/nimda.asp>
> >
> > 3) And any of these:
> >
> > <http://www.google.com/search?hl=en&q=codered+worm>
> >
> > -----Original Message-----
> > From: Omolayo Salako [mailto:OSalako () corp goamerica net]
> > Sent: Friday, April 05, 2002 3:40 PM
> > To: Snort-users () lists sourceforge net
> > Subject: [Snort-users] what does this mean
> >
> >
> >
> > Hi list
> > i am getting a lot of this on one of my sensors, does this mean someone
> > is
> > trying to do directory listing on my web server
> >
> > 47 45 54 20 2F 73 63 72 69 70 74 73 2F 2E 2E 25   GET /scripts/..%
> > 25 33 35 25 36 33 2E 2E 2F 77 69 6E 6E 74 2F 73   %35%63../winnt/s
> > 79 73 74 65 6D 33 32 2F 63 6D 64 2E 65 78 65 3F   ystem32/cmd.exe?
> > 2F 63 2B 64 69 72 20 48 54 54 50 2F 31 2E 30 0D   /c+dir HTTP/1.0
> > 0A 48 6F 73 74 3A 20 77 77 77 0D 0A 43 6F 6E 6E   .Host: www.Conn
> > 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A   nection: close.
> > 0D 0A
> >
> >
> >
> > Molayo Salako.   CISSP
> > Network Security Engineer
> > Goamerica communications
> > T:212-487-7984
> > E:osalako () corp goamerica net
> > F:212-509-7348
> >
> > "imagination is more important than knowledge"   -Al Einstein
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users