[Dshield] Code Red Endurance Record.

Gary Garrison garyg at fbtc.net
Thu Aug 16 13:13:46 GMT 2001


Possibly the original infection vector... first link in the chain?

alas, I'm too paranoid.

Gary Garrison
garyg at fbtc.net

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On Behalf Of Johannes B. Ullrich
Sent: Thursday, August 16, 2001 7:44 AM
To: dshield at dshield.org
Subject: [Dshield] Code Red Endurance Record. (fwd)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  The 'Code Red Endurance Record' goes to 202.28.22.254 for scanning port
80 from June 5th through August 16th, not even taking a break from
7/20-8/1 (interesting, very early start date btw. could be that back then
the machine was actually infected with something else).

  The machine is located in Thailand. I will try to contact the owner and
send him his prize (one DShield T-Shirt and a CD with patches burned just
for them...)

inetnum:     202.28.0.0 - 202.29.255.255
netname:     THAINET-TH
descr:       UniNet(Inter-university network)
descr:       Office of Information Technology Administration
descr:       for Educational Development
descr:       Ministry of University Affairs

  While connection attempts to port 80 on that machine are refused (maybe
they are cheating their way to the top of the list by using a NAT
gateway?), here are a couple of Apache log entries I have to confirm that this
is indeed Code Red:

...
