[40002] in North American Network Operators' Group
RE: Hard data on network impact of the "Code Red" worm?
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Tue Jul 31 03:26:48 2001
Message-ID: <EA9368A5B1010140ADBF534E4D32C728025AA0@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: 'Hank Nussbacher' <hank@att.net.il>,
Sean Donelan <sean@donelan.com>, ck@arch.bellsouth.net
Cc: nanog@merit.edu
Date: Tue, 31 Jul 2001 00:30:43 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
> From: Hank Nussbacher [mailto:hank@att.net.il]
> Sent: Monday, July 30, 2001 11:41 PM
> bandwidth - typically FastEthernet. So targetting IIS
> servers is a sure
> way of maximizing your zombie power (the only more powerful
> worm would be
> an Apache zombie which has about 18M potential clients or a
> bind worm-zombie).
Cut it out! You're making my blood run cold. Four years ago, I had three
systems cracked by mwsh. The entry was via BIND. They were a Linux boxen and
the exploit downloaded mwsh source code and compiled it. It could, just as
easily, do that with CodeRed sources. Fortunatelyy, most BIND installations
have been upgraded since then. But, I'll bet that there are a few that
haven't been. Is Raul Dhesi listening?
<shudder>
