RE: [cobalt-users] Code Red variations
- Subject: RE: [cobalt-users] Code Red variations
- From: "Jonothon Ortiz" <jon@xxxxxxxxx>
- Date: Tue Aug 7 01:50:49 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
<snip from KevinD>
My advice? Ignore the log entries. Code Red is now just one more antiquated
exploit that will continue to affect only admins who don't know enough to
patch their systems (like the bind overflow, rpc vulnerabilities, etc etc
etc).
</snip>
<applause>awesome!</applause>
Jonothon Ortiz
Vice President
Xnext, Inc.
Ph: 863.298.9698
or 888.84.XNEXT
http://www.Xnext.com
mailto:jon@xxxxxxxxx
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Kevin D
Sent: Tuesday, August 07, 2001 9:19 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Code Red variations
From: "Oblix" <oblix@xxxxxx>
> patch their system. As an example: Admin 1 has a vulnerable and infected
> system. His system did 100 attempts to infect others. This generated a
> traffic of let's say (It's an example) 10KB. If all 100 others send him an
> email that he has been compromised and that he should take action, only
> these emails would generate 1 MB of data traffic.
Let's see... if code red generates 10KB of data traffic per host, why does
each email have to generate 10KB of data traffic in response? Are you
planning to send a short story in response to an infection attempt? I'd say
your email would probably generate less than 1KB of traffic. And, judging
from how often my server has been hit (maybe once an hour, if that), those
emails would be spread over a great deal of time. I don't think traffic is
going to be a problem.
> >Dunno, just trying to come up with some kind of response other than
> >sitting here helplessly watching my logs and stats fill up with this
> >useless crap...
You can give these IPs to the people at Security Focus
(www.securityfocus.com). They have an email system set up with which they are
constructing a large database of infected systems. They are using this
database to notify affected system admins.
Actually, the chances are that the infected system admins have already been
notified via email, but either no one's checking those email accounts or the
system admins don't understand or care about the problem.
My advice? Ignore the log entries. Code Red is now just one more antiquated
exploit that will continue to affect only admins who don't know enough to
patch their systems (like the bind overflow, rpc vulnerabilities, etc etc
etc).
Kevin