[ale] CodeRed attacks, here we go again. OTHER ATTACKS
Ben Alexander
ben at bensbox.com
Tue Sep 18 11:38:43 EDT 2001
You are probably seeing the same thing everyoen else is, from all
networks. The attacks look for Code Red 2 backdoor, attempt to exploit
numerous other IIS vulnerabilities, try to execute TFTP to download a
file called ADMIN.DLL, and a few other.
I just did a traceroute to a website at Interland and looks like they
are getting hit hard.
Ben
> -----Original Message-----
> From: owner-ale at ale.org [mailto:owner-ale at ale.org] On Behalf
> Of SAngell at nan.net
> Sent: Sunday, November 18, 2001 10:02 AM
> To: ale at ale.org
> Subject: [ale] CodeRed attacks, here we go again.
>
>
>
>
> I am being flooded by Code Red attacks originating from
> network 205.152.x.x all by the variant which is attempting to
> drop the trojan backdoor on to my servers. either root.exe or
> explorer.exe. This attack is worse that any I have previously
> seen with hundreds of attempts in the last 5 minutes.
>
> Anyone else witnessing these?
>
>
> \_\_\_\_\_\_\_\_\_\_\_/_/_/_/_/_/_/_/_/_/_/
> \_ Steve Angell, MCSE, CCNA _/
> \_ MIS Operations Manager _/
> \_ TSYS Total Debt Management _/
> \_ Norcross, GA _/
> \_ Phone 770-409-5570 _/
> \_ Fax 770-416-1752 _/
> \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
>
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale"
> in message body.
>
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list