Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Code Red on dial-in ppp

  • From: Mitch Halmu
  • Date: Sat Jul 21 10:48:35 2001

You may have received the following from codered@securityfocus.com

This mail is from the ARIS Analyzer Service (Attack Registry and Intelligence 
Service) from SecurityFocus. It has come to our attention that your system(s),
listed below have been identified as being compromised by the Code Red Worm.  
The Code Red Worm is rapidly spreading across the Internet, compromising 
vulnerable Windows NT IIS servers.

The addresses identified as belonging to you are as follows:

[ dynamic dial-in ip ]
[ dynamic dial-in ip ]

[snip]

This makes me think that the worm is capable of infecting not only dedicated
web servers, but also dial-in customers running ppp that happen to be
online when the attack occurs. NetSide is an all Sun sparc shop and we 
don't have any Windows based machines, but I can see this worm being alive
and spreading for a long time if dial-in users are affected.

Unfortunately, they don't provide a date and time stamp, so identifying
the actual user is not possible. I can provide web server log extracts
to whomever collects/analyzes such information (John O., sorry but you're 
bouncing my email - get rid of MAPS).

--Mitch
NetSide
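
Added example, not part of the original post: a sketch of why the missing timestamp matters when the reported address comes from a dynamic dial-in pool. It pulls Code Red probes out of a web server access log and maps each one to the dial-in session that held the address at that moment. The Common Log Format lines, the session records, the user names and the addresses are all constructed; the match pattern assumes the widely published Code Red request for /default.ida followed by a run of N characters.

```python
import re
from datetime import datetime

# Constructed sample data (documentation addresses, hypothetical users).
ACCESS_LOG = """\
192.0.2.17 - - [19/Jul/2001:14:02:11 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 205
192.0.2.17 - - [19/Jul/2001:18:40:03 -0400] "GET /index.html HTTP/1.0" 200 1042
192.0.2.44 - - [19/Jul/2001:15:30:45 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 205
"""
# (user, assigned IP, session start, session stop), as dial-in accounting might record them.
SESSIONS = [
    ("user-a", "192.0.2.17", "2001-07-19T13:50:00-04:00", "2001-07-19T14:30:00-04:00"),
    ("user-b", "192.0.2.17", "2001-07-19T18:00:00-04:00", "2001-07-19T19:00:00-04:00"),
    ("user-c", "192.0.2.44", "2001-07-19T16:00:00-04:00", "2001-07-19T17:00:00-04:00"),
]

# Source IP, bracketed timestamp, then the probe request (assumed signature).
HIT = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET /default\.ida\?N{8,}')

def code_red_hits(log_text):
    """Return (source_ip, timestamp) for each request matching the probe."""
    hits = []
    for line in log_text.splitlines():
        m = HIT.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits.append((m.group(1), ts))
    return hits

def users_for_ip(ip, sessions=SESSIONS):
    """All an address alone can tell you: every user who ever held it."""
    return sorted({user for user, addr, _, _ in sessions if addr == ip})

def attribute(hits, sessions=SESSIONS):
    """Map each hit to the session holding the address at that instant, else None."""
    out = []
    for ip, ts in hits:
        owner = None
        for user, addr, start, stop in sessions:
            if addr == ip and datetime.fromisoformat(start) <= ts <= datetime.fromisoformat(stop):
                owner = user
                break
        out.append((ip, ts.isoformat(), owner))
    return out

if __name__ == "__main__":
    print(users_for_ip("192.0.2.17"))   # ambiguous without a time
    for row in attribute(code_red_hits(ACCESS_LOG)):
        print(row)
```

The second hit falls outside every recorded session for its address, so it stays unattributed rather than being pinned on whoever held the address next.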
