From: Eric_Stanfield@kenokozie.com
To: freebsd-isp@FreeBSD.ORG
Subject: Re: Code Red?!
Date: Tue, 18 Sep 2001 16:17:58 -0500

I find it interesting that everyone I've talked to today has logged the
initial nimda attack within 30 seconds of the time you listed below (after
adjusting for timezones).

Conspiracy theories aside, given what's been happening with the terrorist
activities in this country (USA), somebody needs to put a large sized gun to
Microsoft's corporate head and demand a complete and thorough security review
of their operating system and applications, as well as the patches to fix what
I'm sure would be a big list of discovered problems. Independent review of the
process would also be nice heh.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Eric Stanfield, K2Access
Keno Kozie Associates
222 N LaSalle #1500
Chicago, IL 60606
(312) 332-3000


Bill Vermillion
Sent by: owner-freebsd-isp@FreeBSD.ORG
09/18/01 01:43 PM
Please respond to bv

To: "Gary D. Margiotta"
cc: Paul Boehmer, freebsd-isp@FreeBSD.ORG
Subject: Re: Code Red?!

On Tue, Sep 18, 2001 at 02:17:25PM -0400, Gary D. Margiotta thus sprach:

> Will also concur that we've seen it in our mix of BSD and Sun,
> Apache and NES/iPlanet servers.
>

I have heard reports of a 'resurgence' of the Code Red worm. It appears
to be named the 'nimda' worm.

On some of my very lightly trafficked sites 60% of the log entries are
error messages from that, both in the access and error logs. The log
shows 9:31:15AM EST.

I'm getting about 300 entries per hour in both the access log and the
error log - and these sites are relatively obscure but well connected.

> In addition, we just got word from one of our offices that there
> is another happy joy M$ Outlook-based e-mail attachment worm
> which goes through the address book, spams everyone in it and
> shares out the C: drive for unrestricted sharing.

And totally off subject there is an InfoWorld columnist today who
pointed out the FrontPage license prohibits its use on any site that
disparages MS, MSNBC, Expedia, and a few others.

With the worms and this maybe a few more will rethink these products.

--
Bill Vermillion - bv @ wjv . com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message