[Dshield] Road Runner

Samuel Samuel at socal.rr.com
Thu Aug 23 03:21:36 GMT 2001


Thank you. This, the Newsbytes article and another reply I received offline
answers my question. The important thing is that I understand the data
properly, and the implication of this answer is that the data retrieved is
relevant. I want to be sure I am accurate in my understanding, so that when
I tell others, I am unlikely to be inaccurate due to my unfamiliarity.

Yes, they probably just missed a couple of zeros. It seems to be an innocent
mistake in their snail-mail letter to millions of customers.


----- Original Message -----
From: "Johannes B. Ullrich" <jullrich at euclidian.com>
To: "Dshield at Dshield. Org" <dshield at dshield.org>
Sent: Wednesday, August 22, 2001 1:26 PM
Subject: Re: [Dshield] Road Runner


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Did they forget a couple of zeros? Or are they changing IPs a lot?
>
> select count(distinct source) from reports where date>'2001-08-01' and
> targetport=80 and source>'24.24.0.0' and source<'24.31.255.255';
> +------------------------+
> | count(distinct source) |
> +------------------------+
> |                   3943 |
> +------------------------+
>
>
> On Wed, 22 Aug 2001, Samuel wrote:
>
> > My ISP is Road Runner, which owns the block 24.24.0.0 - 24.31.255.255.
> >
> > I received a letter from them yesterday saying that:
> >
> > "Fewer than 40 computers on our Road Runner network were infected by
Code
> > Red. Those users were notified" .....
> >
> > Is it possible to determine if this is consistent with the data reported
to
> > DSheild? I had the impression that there have been much more than 40
Road
> > Runner customers infected, but I am not sure how to determine that.
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield
> >
>
> - --
> - -------
> jullrich at sans.org                    Join http://www.DShield.org
>                                      Distributed Intrusion Detection
System
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE7hBVhVOIizK5pIDMRAipoAKDhcSbBTUVCice5R0MKzuwvfhgi7ACg04K2
> Y8aTcTCOn8BDTb0FoAlbAnM=
> =NVwl
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield
>




More information about the list mailing list