Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Code Red : Any whitehouse.gov people around?

  • From: Dave Stewart
  • Date: Fri Jul 20 11:44:21 2001

At 10:04 AM 7/20/2001, Mike Najarian wrote:

Has anyone gutted an infected box to determine whether it's going to go for
        whitehouse.gov
        www.whitehouse.gov
or a hardcoded IP?
While there's incomplete information available in the standard places, it appears to be a hardcoded IP.

I, along with many others, have null routed it.... Symantec's site claims the IP address is no longer active at any rate.

It *appears* that from xx-20-xxxx through xx-28-xxxx, this thing will attack that IP address... meaning that measures already in place will minimize damage from the portion of the code that attempts to flood 198.137.240.91. Networks where 198.137.240.91 isn't blocked could see network congestion, I suppose, if they host a large number of infected machines.

I've seen a claim that if the date is greater than 28, the threads just go into an infinite sleep.

From what I can see, I would expect another round of probes to take place starting on 01-August-2001...






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.