Date: Mon, 20 Aug 2001 09:20:03 +0200
From: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>
To: "Alfred Perlstein" <bright@mu.org>, "Wilko Bulte" <wkb@freebie.xs4all.nl>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: RE: Code Red is from default setup
Message-ID: <98829DC07ECECD47893074C4D525EFC3115629@citsnl007.europe.intranet>
It's been done, except it didn't reboot, but rather patched the box or
removed the mappings (can't remember).
Then it searched for other machines using the same IP search algorithm as
Code Red.

It wasn't released into the wild, tho, it was just a demonstration that I
read about on another security list.

-D

-----Original Message-----
From: Alfred Perlstein [mailto:bright@mu.org]
Sent: Monday, August 20, 2001 9:13 AM
To: Wilko Bulte
Cc: Carroll, D. (Danny); freebsd-security@FreeBSD.ORG
Subject: Re: Code Red is from default setup

* Wilko Bulte <wkb@freebie.xs4all.nl> [010820 01:53] wrote:
> On Mon, Aug 20, 2001 at 08:50:57AM +0200, Carroll, D. (Danny) wrote:
>
> This is *FreeBSD* security, not MickeySoft latest bugs..

Agreed. Although it would be amusing to detect default.ida
requests and reply with a similar request, the difference being
that the reply one reboots/shuts down the infected box.

I'm surprised no one has suggested crafting such a tool.

--
-Alfred Perlstein [alfred@freebsd.org]
Ok, who wrote this damn function called '??'?
And why do my programs keep crashing in it?

-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message