Code Red [was: Network Question]
Duston, Hal
hdusto01 at sprintspectrum.com
Thu Aug 9 23:50:47 CDT 2001
The hits with XXXXXX are Code Red II, and the hits
with NNNNN are Code Red I. Code Red I can be removed
by a procedure. The procedure for Code Red II removal
is a reinstall because of the exploit code it leaves
behind. See the analysis on http://www.incidents.org/
Hal
Jeffrey A. McCright [jmccright2 at home.com] wrote:
>
> Tell me about it. My firewall is getting pounded by
> 24.22.xxx.xxx and the hits are increasing!
>
> root [root at ns.brink.cx] wrote:
> >
> > It's more than likely Code Red I or II. If you wanted to, you
> > could start up Apache and see if you get hits that look like:
--snip-- a malformed GET request with a bunch of X's.
> >
> > Code Red is hurting @home pretty bad.
> >
> > Andrew Brink.
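
Added example, not part of the original thread: a small Python triage script that applies the N-versus-X distinction described above to Apache access-log lines and counts hits per source address. The `/default.ida` request path, the 16-character minimum padding run, the function names and the sample log lines (documentation IP ranges, padding only) are assumptions made for this illustration.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} ')
# Assumption: the worm request targets /default.ida with a long run of one padding letter.
PAD_RE = re.compile(r"/default\.ida\?(N{16,}|X{16,})")
LABELS = {"N": "Code Red I", "X": "Code Red II"}

# Constructed sample lines; the padding is shortened and no payload bytes are included.
SAMPLE_LOG = "\n".join([
    '192.0.2.10 - - [09/Aug/2001:21:14:02 -0500] "GET /default.ida?' + "N" * 32 + ' HTTP/1.0" 404 276',
    '192.0.2.77 - - [09/Aug/2001:21:15:40 -0500] "GET /default.ida?' + "X" * 32 + ' HTTP/1.0" 404 276',
    '192.0.2.77 - - [09/Aug/2001:21:19:03 -0500] "GET /default.ida?' + "X" * 32 + ' HTTP/1.0" 404 276',
    '198.51.100.5 - - [09/Aug/2001:21:20:11 -0500] "GET /index.html HTTP/1.0" 200 1042',
    '198.51.100.9 - - [09/Aug/2001:21:21:30 -0500] "GET /search?q=XXXX HTTP/1.0" 200 512',
    'garbage line that is not a log entry',
])

def classify(line):
    """Return (source_ip, label) for a Code Red style probe, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a parseable access-log entry
    ip, method, target = m.groups()
    pad = PAD_RE.search(target)
    if method != "GET" or not pad:
        return None  # ordinary request, or a short X/N run in a normal query
    return ip, LABELS[pad.group(1)[0]]

def summarize(log_text):
    """Map each variant label to a Counter of hits per source address."""
    hits = {}
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            ip, label = result
            hits.setdefault(label, Counter())[ip] += 1
    return hits

if __name__ == "__main__":
    for label, sources in sorted(summarize(SAMPLE_LOG).items()):
        for ip, count in sources.most_common():
            print(f"{label}: {ip} ({count} hits)")
```

A source address that shows up under the Code Red II label is one of the hosts the reply above says needs a reinstall rather than the removal procedure.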