Code Red?

David A. Sinck plug-discuss@lists.PLUG.phoenix.az.us
Thu, 9 Aug 2001 08:13:32 -0700


\_ SMTP quoth Wayne Conrad on 8/9/2001 06:16 as having spake thusly:
\_
\_ On Wed, 08 August 2001, "David P. Schwartz" wrote:
\_ > Does this indicate anything about my machine, or it is just a reflection of
\_ > the pervasiveness of this worm?
\_ 
\_ CRv1 & CRV2 I've seen this month: 
\_ 01 23
\_ 02 30
\_ 03 34
\_ 04 21
\_ 05 11
\_ 06 7
\_ 07 8
\_ 08 2
\_ 
\_ CRII I've seen this month:
\_ 01 0
\_ 02 0
\_ 03 0
\_ 04 205
\_ 05 279
\_ 06 290
\_ 07 345
\_ 08 330
\_ 
\_ I'm on 64.81.x.x

On @home, my firewall has burned about 2k port 80 requests for the
last few days, a 404 handler has coughed on about 20/day that the
firewall let through (i.e., the widescan mode of Code Red).

On a related topic, when you know someone who knows his [solaris] box
is likely compromised and has the skills to fix it but doesn't, what's
the appropriate punishment for said individual?  Flogging?  Visit to a
bitey ant hill with some honey?  Bury to the neck and stampede some
horses past?

David