[39677] in North American Network Operators' Group
Re: Code Red
daemon@ATHENA.MIT.EDU (Dave Stewart)
Thu Jul 19 23:33:59 2001
Message-Id: <5.1.0.14.2.20010719232346.04f38128@mail.ntrnet.net>
Date: Thu, 19 Jul 2001 23:31:58 -0400
To: nanog@merit.edu
From: Dave Stewart <dbs@ntrnet.net>
In-Reply-To: <20010720031208.23684.qmail@prophecy.lightbearer.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu
At 11:12 PM 7/19/2001, lucifer@lightbearer.com wrote:
>Reports from our monitoring systems saw the CPU usage jump by somewhere
>between 150-200% for our core routers today; our current theory is that
Web servers that were hit beginning this morning at 11:26:41 EDT have not
seen another attempt since 19:49:53.

I'm wondering if this is because it was coming up on 00:00:00 GMT 20-July-2001.

According to the PC-Cillin write-up, the 100-thread scan only takes place
if the system date is less than 20, but if it's 20-28, it launches its DoS
attack at www1.whitehouse.gov.

Does anybody really know yet what payloads this thing is carrying?