[Dshield] fighting back against CodeRed

NOC noc at icn.state.ia.us
Wed Aug 8 13:41:18 GMT 2001

Yeah, but I know the code is waiting for a response, maybe I can use

-----Original Message-----
From: Mark Martin [mailto:wolf at bescape.com]
Sent: Tuesday, August 07, 2001 10:29 PM
To: dshield at dshield.org
Subject: RE: [Dshield] fighting back against CodeRed

BTW, dropping the packets won't impact the attempt.


-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On Behalf Of Quibell, Marc
Sent: Monday, August 06, 2001 2:32 PM
To: 'dshield at dshield.org'
Subject: RE: [Dshield] fighting back against CodeRed

Good idea. I was just thinking on how we can turn this code-red worm back
and neutralize the infected machine. But first we must have a way of
automatically identifying a code-red attack and then injection of the "Code
Red patch code". Or we'll have to do it manually. If any programmer would be
kind enough to develop an .exe that would expose the 'backdoor', get in and
have the server run the patch via a script file, I'm all for it... In the
meantime I'll be concentrating on how to get the routers to drop packets and
maybe the code-red, not getting a return reply, will drop its attempts...
