[Dshield] Code red variant?

David Kennedy CISSP david.kennedy at acm.org
Thu Jul 26 16:35:23 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----

At 09:57 AM 7/26/01 -0500, Thompson, John J wrote: 
>>>>
length=222&URL=/x.ida&arg=AAA* (with 219 more a's following). 
  
<<<<

You're seeing eEye's tool running against your host/network.  It is
detect-only, not exploit, unless somebody's crafted up a real worm
that's using  "A" instead of CRW's "N."  Couple messages on the
security focus lists about this and I talked with someone who'd run
one of these to ground and it turned out to be somebody who thought
he was being helpful.


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: hacker=cybercriminal the definition has changed; get over it

iQCVAwUBO2BGx/GfiIQsciJtAQGP5wQAiAQ3gg3K91WCmBdDnGPzhMmMTOtmLzSC
84JF4V9vYTYlKH1m4ZWBFHbufac5YSnrUqlcYTol79+GfwdZNka6hd9GzRXameqC
jfurXU3OfIxYv3RY4RntPUR9bSaz9JYiIkjD8o6kBHOIINkFgFG24K2SLw6XW2vh
g0SwyR9eVVs=
=204L
-----END PGP SIGNATURE-----

-- 
Regards,

David Kennedy CISSP
Director of Research Services, TruSecure Corp. http://www.trusecure.com
Protect what you connect.
Look both ways before crossing the Net.




More information about the list mailing list