A little less of an impact this time then, huh? We've had two customers infected, both installs of which were less than a few days old. Seems that most admins (in NZ at least) have been rather better prepared this time round. Don't know if I can say the same for our friends overseas - many of the IPs that I have logged originate in Asia. Some in the States and Europe, but not as many. A few illegal, unpatched IIS installs, maybe... Must say, though, it was rather funny reading about the 'Code Red no-show' in the news this morning... Regards, Thomas Salmen System Administrator Radionet Ltd. 1/72 Paul Matthews Road Albany, Auckland, New Zealand Ph: +64 9 414 0300 ext 718 -----Original Message----- From: Thomas Salmen [mailto:thomas(a)radionet.co.nz] Sent: Thursday, 2 August 2001 2:12 p.m. To: nznog(a)list.waikato.ac.nz Subject: Code Red (Take Two) Just curious... have many people been affected by the second round of Code Red infections? We have seen plenty of inbound traffic here (well, the odd bit, anyway) but very few of our customers web servers have been hit - not like last time... Regards, Thomas Salmen System Administrator Radionet Ltd. 1/72 Paul Matthews Road Albany, Auckland, New Zealand Ph: +64 9 414 0300 ext 718 --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Thu, 2 Aug 2001, Thomas Salmen wrote:
A little less of an impact this time then, huh? We've had two customers infected, both installs of which were less than a few days old. Seems that most admins (in NZ at least) have been rather better prepared this time round. Don't know if I can say the same for our friends overseas - many of the IPs that I have logged originate in Asia. Some in the States and Europe, but not as many. A few illegal, unpatched IIS installs, maybe...
We had about 10 total, 9 were dialup and 1 DDS. At least one of the dialups was a repeat from last time. I guess I shouldn't mention the name of the company that gave us a NT/IIS box (for a specialist function) a couple of days ago. We had to apply 6 security patches to it (including for the hole Code Red uses) . -- Simon Lyall. | Newsmaster | Work: simon.lyall(a)ihug.co.nz Senior Network/System Admin | Postmaster | Home: simon(a)darkmere.gen.nz ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Thu, Aug 02, 2001 at 05:13:25PM +1200, Simon Lyall wrote: I guess I shouldn't mention the name of the company that gave us a NT/IIS box (for a specialist function) a couple of days ago. We had to apply 6 security patches to it (including for the hole Code Red uses) . The other day they had some 'expert' on TV if it-secure.co.nz or something. I noticed it the brief 15 seconds he was on he made two factual errors when talking about IAS (sic) and Code Red, so it doesn't surprise me at all. I expected the coverage from the New Zealand press to be a confusing mess of misinformation, so I check out CNN who rather pleasantly had very good information and explained things very well. Sadly, but as to be expected, the local 'Idg article doesn't provide much useful information either. <pause> There is no it-secure, maybe it was esecure.co.nz or gsecure.co.nz and that s all grep reveals. Hmm... or maybe either myself or the press got the domain name wrong? --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (3)
-
Chris Wedgwood -
Simon Lyall -
Thomas Salmen