[40483] in North American Network Operators' Group

Re: Code Red 2 cleanup; reporting..

daemon@ATHENA.MIT.EDU (mike harrison)
Fri Aug 10 01:13:45 2001

Date: Fri, 10 Aug 2001 01:12:38 -0400 (EDT)
From: mike harrison <meuon@highertech.net>
To: Etaoin Shrdlu <shrdlu@deaddrop.org>
Cc: Nanog <nanog@merit.edu>, nbuck@chatt.net
In-Reply-To: <3B7360B4.71755CA7@deaddrop.org>
Message-ID: <Pine.LNX.4.10.10108100034440.14898-100000@home.highertech.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


> Spent nearly two days convincing someone who was managing a server that he
> was beating up machines all over the company. It finally took someone at

Tonight, 20 minutes after opening up port 80
on a firewall to a server supposedly only running
the latest CITRIX on Port 80 (why 80? Don't ask me?)
and the high paid out of town consultants swearing they
had applied the appropriate patches and were safe, 
they are now broadcasting out the latest CodeRed style worm.

I got some nice sniffit captures from my Linux firewall
though.. this morning will be interesting. I wonder
how they like their crow served.



