[40264] in North American Network Operators' Group


Re: CodeRedII worm..

daemon@ATHENA.MIT.EDU (Larry Sheldon)
Sun Aug 5 11:17:07 2001

From: Larry Sheldon <lsheldon@creighton.edu>
Message-Id: <200108051515.KAA19272@bluejay.creighton.edu>
To: nanog@merit.edu
Date: Sun, 05 Aug 2001 10:15:20 CDT
Errors-To: owner-nanog-outgoing@merit.edu


> > worm creates a known backdoor.  I'm certain that both the CodeRedII author
> > and other black hats would love for us to compile a list of afflicted hosts
> > for them to use.
> 
> They have a few 'friendly' webservers collecting addresses
> just like we do. Everyone on the 'net with a sniffer or web log now
> has such a list. It's a good thought though. 

If we are pretty sure that is the case, how about posting a list somewhere
for the good guys to see--or somebody send email to the ARIN-listed
contact for the IP addresses detected.

I'm trying to build a detector here, but it is hard, given the resources
I can bring to bear.  Mostly me, which means we are in really bad
shape, resource-wise.

