[unisog] ida worm

Dan Riley dsr at mail.lns.cornell.edu
Thu Jul 19 19:57:43 GMT 2001

Russ Harvey <russ at cornucopia.ucr.edu> writes:
> http://www.eeye.com/html/Research/Advisories/AD20010618.html
> We're getting hit with a ton of these, and the source IPs seem all over
> the map:
> Anyone else getting barraged?

Yes, we saw this turn on around 8:30am EDT today, and ramp up quite
rapidly.  Between 8:30 and 14:30 EDT, we logged 4300 connection
attempts to our /22 subnet from 4100 distinct source IP addresses,
with the destination IP address distribution looking fairly flat. From
the way this turned on this morning, and the flatness of the
destination IP distribution, I suspect this is a "Code Red" variant
that doesn't have the fixed random number sequence bug.
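
Added example, not part of the original post: one way to compute the two figures the reply reasons from, distinct sources and how flat the destination spread is across a /22, using a chi-square check against a uniform spread. The 10.20.0.0/22 subnet, the 198.18.0.0/15 sources and all events are constructed; the "fixed" case models every source probing the same 8 addresses, which is what a shared scan sequence would look like from inside one subnet.

```python
import ipaddress
import random
from collections import Counter

def scan_profile(events, subnet):
    """Summarise (src_ip, dst_ip) connection attempts that target `subnet`."""
    net = ipaddress.ip_network(subnet)
    hits = [(s, str(ipaddress.ip_address(d))) for s, d in events
            if ipaddress.ip_address(d) in net]
    if not hits:
        return {"attempts": 0, "sources": 0, "dests_hit": 0, "chi2_per_dof": None}
    per_dst = Counter(d for _, d in hits)
    expected = len(hits) / net.num_addresses
    # Pearson chi-square of per-destination counts against a uniform spread
    # over every address in the subnet: about 1.0 per degree of freedom
    # means "flat", far above 1.0 means a few addresses absorb the probes.
    chi2 = sum((per_dst.get(str(a), 0) - expected) ** 2 / expected for a in net)
    return {
        "attempts": len(hits),
        "sources": len({s for s, _ in hits}),
        "dests_hit": len(per_dst),
        "chi2_per_dof": chi2 / max(1, net.num_addresses - 1),
    }

def constructed_events(seed, dests, attempts=4300, sources=4100):
    """Constructed sample data, not real logs: `attempts` probes from
    `sources` distinct addresses in 198.18.0.0/15 to random picks of `dests`."""
    rng = random.Random(seed)
    base = int(ipaddress.ip_address("198.18.0.0"))
    pool = [str(ipaddress.ip_address(base + o))
            for o in rng.sample(range(2 ** 17), sources)]
    return [(pool[i % sources], str(rng.choice(dests))) for i in range(attempts)]

SUBNET = "10.20.0.0/22"  # assumed stand-in for the monitored /22
ALL = list(ipaddress.ip_network(SUBNET))
FLAT = scan_profile(constructed_events(1, ALL), SUBNET)           # uniform targets
FIXED = scan_profile(constructed_events(1, ALL[40:48]), SUBNET)   # same 8 targets

if __name__ == "__main__":
    print("flat :", FLAT)
    print("fixed:", FIXED)
```
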
