[42640] in North American Network Operators' Group
RE: Worm probes
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Tue Sep 18 15:39:25 2001
Message-ID: <EA9368A5B1010140ADBF534E4D32C728069EE2@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: "'sigma@pair.com'" <sigma@pair.com>, nanog@merit.edu
Date: Tue, 18 Sep 2001 11:54:18 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
There has already been a massive application of the patches, according to
www.netcraft.com at http://www.netcraft.com/survey/#August, Code Red
vulnerability has dropped to less than 20%, since July. It continues to
drop. Your general characterization of cluelessness is a bit unfair. It is
puzzeling that root.exe vulnerability is the only indicator that continues
to rise, albeit slowly. Netcraft shows it to be >10% at the moment.
BTW, I'm still seeing massive scanning activity.
|> From: sigma@pair.com [mailto:sigma@pair.com]
|> Sent: Tuesday, September 18, 2001 10:37 AM
|>
|> Along those lines, weren't there some projects last time
|> around to find and
|> clean up the affected machines? Clearly there are LOTS of
|> vulnerable NT
|> servers still out there. Presumably these are being
|> responded to just like
|> Smurf amplifiers, and the problem is just that the admins
|> are clueless or
|> unreachable?
|>
|> So far the most prolific network probing us has belonged to
|> 9NetAve, which
|> was bought by Concentric shortly before they became XO.
|> > Hopefully the notification does some good.
|> >
|>
