[56830] in North American Network Operators' Group
RE: Code red- Returning?
daemon@ATHENA.MIT.EDU (Eric Germann)
Tue Mar 18 13:07:42 2003
Reply-To: <ekgermann@cctec.com>
From: "Eric Germann" <ekgermann@cctec.com>
To: "McBurnett, Jim" <jmcburnett@msmgmt.com>, <nanog@merit.edu>
Date: Tue, 18 Mar 2003 13:05:37 -0500
In-Reply-To: <390E55B947E7C848898AEBB9E507706041E51E@msmdcfs01.msmgmt.com>
Errors-To: owner-nanog-outgoing@merit.edu
We're still in the propagation mode, until the 20th.
http://www.cert.org/advisories/CA-2001-23.html
Unless their clocks are off by 3 days, they're in the wrong mode ...
However, since 1100EST 3-17-03, we've seen a steady uptick also. Also, some
other tools must be attempting to use the same exploits, but they are more
ferocious, creating thousands of attempts within a few minutes, exploiting
the same vulnerabilities.
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of McBurnett, Jim
Sent: Tuesday, March 18, 2003 12:50 PM
To: nanog@merit.edu
Subject: Code red- Returning?
Has anyone out there noticed an increase in a Code-Red patterned virus?
I know about the Microsoft bug that came out yesterday/last night.
But I am seeing the same symptoms as Code Red,
800+ hits in the last 12 hours, from the same Class A network I am on.
The amount is increasing per hour..
It started with 50 the first hour and now it's just about 150 an hour...
Thoughts?
thanks,
Jim