We have noticed a large increase (10 fold) in CodeRed activity since bang on midnight last night. The probe rate seems to have now leveled off at one probe per IP address every three minutes. This activity was actually noticed from monitoring of broadcast traffic on an ethernet LAN (TCP SYN to Black hole LAN IP address). If WorldNet are listening, these two systems are hitting us regularly 210.55.74.165 210.55.76.51 Cheers BG. --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Ive noticed a huge jump in connection attempts - approximately 10 fold also.
This is going to become the scurge of the internet isnt it?
For as long as people run insecure IIS servers this is going to continue to
be a problem ...
*sigh*
(for as long as people code buggy software? release it on the commercial
market?)
Not to start a debate about these things, but at the moment all people are
doing is reacting..
My questions
1) How come this happened? Wheres the QC?
2) How are we going to stop this pulling the internet to its knees? It may
not be as bad as the media hyped but its increasing network traffic across
the board which cant be healthy.
Mark.
----- Original Message -----
From: "Brian Gibbons"
We have noticed a large increase (10 fold) in CodeRed activity since bang on midnight last night.
The probe rate seems to have now leveled off at one probe per IP address every three minutes.
This activity was actually noticed from monitoring of broadcast traffic on an ethernet LAN (TCP SYN to Black hole LAN IP address).
If WorldNet are listening, these two systems are hitting us regularly
210.55.74.165 210.55.76.51
Cheers
BG.
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
:: Ive noticed a huge jump in connection attempts - :: approximately 10 fold also. :: This is going to become the scurge of the internet isnt it? Yer... checked some of the servers at IDG... 240 hits on one. :: (for as long as people code buggy software? release it on :: the commercial :: market?) Think "features" instead. This isn't necessarily a bug as such, just an unexpected use of an existing feature. Like spamming via open relays. -- Juha --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Sun, Aug 05, 2001 at 01:46:48PM +1200, Juha Saarinen wrote:
Think "features" instead. This isn't necessarily a bug as such, just an unexpected use of an existing feature. Like spamming via open relays.
Dunno is I agree with that. I looks like a buffer overflow in which case it's just a consequence of the programmer not scrubbing the input stream well enough. strncpy is the only way to go =) Dean --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (4)
-
Brian Gibbons
-
Dean Pemberton
-
Juha Saarinen
-
Mark Foster