[ale] Code Red II!!! Disregard previous reply!!!

SAngell at nan.net SAngell at nan.net
Tue Aug 7 09:18:45 EDT 2001




As the worm is currently configured the answer is no. It actually attacks a
vulnerability in Index Server. So to my knowledge (which is sometimes inept)
personal web server should be immune. The only patches released by M$ were for
NT 4.0 and 2k Server running IIS 4 and IIS 5. There is no patch for Personal Web
Server.

However, on a side note, I did a few reverse DNS lookups yesterday and one of the
sites that was attacking me was running Lotus Domino Webserver. NOT IIS. I
haven't been able to find out whether it is possible for Domino to be affected,
although I guess the address could have been spoofed or if dynamic it could have
been re-assigned. I will probably never know.

Steve Angell,  MCSE, CCNA
MIS Operations Manager
TSYS Total Debt Management
Phone 770-409-5570
Fax      770-416-1752


Wandered Inn <esoteric at denali.atlnet.com>
08/07/01 09:08 AM

To:      ale at ale.org
cc:      (bcc: Steve Angell/tdm)
Subject: Re: [ale] Code Red II!!! Disregard previous reply!!!





Does anyone know if this thing can successfully attack the personal web
server product Microsoft provides?

SAngell at nan.net wrote:
>
> I think you are correct. Microsoft reported that the patches to correct the
> vulnerability in Index Server were downloaded over 1 million times since June 18,
> 2001. Seeing that you have to wonder if there is any other objective by future
> attacks other than to absorb bandwidth.
>
> Steve Angell,  MCSE, CCNA
> MIS Operations Manager
> TSYS Total Debt Management
> Phone 770-409-5570
> Fax      770-416-1752
>
> "Randolph C. Karrh" <randy at NewRiverplt.com>
> 08/07/01 08:55 AM
>
> To:      Chris Ness <mness215 at mediaone.net>
> cc:      SAngell, ale at ale.org
> Subject: Re: [ale] Code Red II!!! Disregard previous reply!!!
>
> Ale'rs
>
> I think that the main idea behind code red is not actually to
> really cause problems with M$ servers, but maybe our bandwidth. Because
> I'm getting hits from everywhere too.
>
> Randy
>
> On Mon, 6 Aug 2001, Chris Ness wrote:
>
> > On August  6, 2001 03:45 pm, you wrote:
> > > Sorry about previous e-mail, somehow I clicked send without realizing what
> > > I was doing.
> > >
> > ...
> > > Here's the trick. If you can delete this file then you are ok; that means
> > > the trojan has not been used. If however you cannot delete the file ROOT.exe
> > > then the trojan has been executed and only a full re-install will solve
> > > your problems. (You gotta love Windows!)
> > >
> > ...
> > > If this helps anyone, GREAT. If you are all running Web servers other than
> > > IIS, pray for me.
> > >
> > > Steve Angell,  MCSE, CCNA
> > >
> >    You have our prayers, you need it. I have been watching my logs all day.
> > Even though I run Linux and apache, they keep trying. My log is showing
> > 93,000 REJECTS today! And we wonder where all the bandwidth went.
> >    Perhaps if all the people running Windows (all) just shut down for a day
> > they might beat this thing. In fact they could spend the day learning how
> > easy Linux really is when you don't have everybody telling you how hard it
> > is.
> >
>
> --
> Randolph C. Karrh Jr.   "May the world work for you and not against you!"
>
> Concepts2020.com
> P.O. Box 2124                   office   843.684.3874
> Savannah Ga. 31402              fax      843.784.6232
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

--
Until later: Geoffrey         esoteric at denali.atlnet.com

"Great spirits have always found violent opposition from mediocre minds.
The latter cannot understand it when a man does not thoughtlessly submit
to hereditary prejudices but honestly and courageously uses his
intelligence." - Albert Einstein