From owner-freebsd-isp  Tue Sep 18 11:44:22 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.wanlogistics.net (mail.wanlogistics.net [63.209.114.3])
	by hub.freebsd.org (Postfix) with ESMTP id 8123837B414
	for <freebsd-isp@FreeBSD.ORG>; Tue, 18 Sep 2001 11:44:18 -0700 (PDT)
Received: from bilver.wjv.com (spdsl-033.wanlogistics.net [63.209.115.33])
	by mail.wanlogistics.net (8.9.3/8.9.3) with ESMTP id OAA13966;
	Tue, 18 Sep 2001 14:44:13 -0400 (EDT)
	(envelope-from bill@wjv.com)
Received: (from bill@localhost)
	by bilver.wjv.com (8.11.6/8.11.1) id f8IIhiK18229;
	Tue, 18 Sep 2001 14:43:44 -0400 (EDT)
	(envelope-from bill)
Date: Tue, 18 Sep 2001 14:43:44 -0400
From: Bill Vermillion <bill@wjv.com>
To: "Gary D. Margiotta" <gary@tbe.net>
Cc: Paul Boehmer <pboehmer@seidata.com>, freebsd-isp@FreeBSD.ORG
Subject: Re: Code Red?!
Message-ID: <20010918144344.B18054@wjv.com>
Reply-To: bv@wjv.com
References: <3.0.6.32.20010918131041.41301100@mail.seidata.com> <Pine.BSF.4.21.0109181410470.4810-100000@thud.tbe.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0109181410470.4810-100000@thud.tbe.net>; from gary@tbe.net on Tue, Sep 18, 2001 at 02:17:25PM -0400
Organization: W.J.Vermillion / Orlando - Winter Park
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

On Tue, Sep 18, 2001 at 02:17:25PM -0400, Gary D. Margiotta thus
sprach:

> Will also concur that we've seen it in our mix of BSD and Sun,
> Apache and NES/iPlanet servers.

> I have heard reports of a 'resurgence' of the Code Red worm.

I appears to be named the 'nimda' worm.  On some of my very lightly
trafficed sites 60% of the log entries are error messages from
that, both  in the access and error logs.  The log shows
9:31:15AM EST.  

I'm getting about 300 entries per hour in both the access log and
the error log - and these sites are relatively obscure but well
connected.

> In addition, we just got word from one of our offices that there
> is another happy joy M$ Outlook-based e-mail attachement worm
> which goes through the address book, spams everyone in it and
> shares out the C: drive for unrestricted sharing.

And totally off subject there is an InfoWorld columnist today
who pointed out the FrontPage license prohibits it's use on any
site that disparages, MS, MSNBC, Expedia, and a few others.  With
the worms and this maybe a few more will rethink these products.
-- 
Bill Vermillion -   bv @ wjv . com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message