Code Red (II) Question

[Jonathan Hutchins]

----- Original Message -----
From: "Don Erickson" <derick at shark.zeni.net>

> Does anyone have a grasp as to how this virus could be taking down routers
> or dsl modems?  Certainly the modem cannot act as a host, and the
> bandwidth utilized by the scans is trivial...

I would guess that there is a vulnerability that "looks like" the IE hole to
the virus, which either overflows something or lodges unworkable code
somewhere.

People are making noise like the volume of scans is significant, due to the
number of distributed sources for the scans.  The DOS phase attempts to take
out a specific host (ie whitehouse.gov), but the contagion phase is
apparently causing bandwidth problems.