[40459] in North American Network Operators' Group


Re: Code Red 2 cleanup; reporting..

daemon@ATHENA.MIT.EDU (Christopher A. Woodfield)
Thu Aug 9 13:34:47 2001

Date: Thu, 9 Aug 2001 13:28:03 -0400
To: Mathias Körber <mathias@koerber.org>
Cc: z@s0be.net, nanog@nanog.org
Message-ID: <20010809132803.C20909@semihuman.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <NFBBLGLCKLPELBNLAKEPAEBNCAAA.mathias@koerber.org>
From: "Christopher A. Woodfield" <rekoil@semihuman.com>
Errors-To: owner-nanog-outgoing@merit.edu


FWIW, I just tried to telnet to the 20 most recent hosts I got Code Red II 
probes from, and didn't get a shell prompt on any of them. Are people 
cleaning up their boxes that quickly?

-C

On Thu, Aug 09, 2001 at 02:19:19PM +0800, Mathias Körber wrote:
> 
> >   Is there an effort abound that would allow for lists of verified 'Code
> > Red 2' infected hosts to be reported for cleanup/mitigation? By known 'Code
> > Red 2' infected hosts, I mean that root.exe has been found to exist on the
> > host.
> > 
> >   Finding the contact information for a lot of these is proving difficult
> > being that a fair amount of the infected machines are Joe Blow broadband
> > customers.
> 
> Publishing such lists is IMHO not a good idea, as these hosts are vulnerable and
> publishing their addresses would only serve to let more crackers know where to
> go..
> 

-- 
---------------------------
Christopher A. Woodfield		rekoil@semihuman.com

PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
