
Re: Code Red II at the IETF meeting

2001-08-07 06:40:04
In message <200108071321(_dot_)JAA18560(_at_)morticia(_dot_)cc(_dot_)gatech(_dot_)edu>, Bobby Krupczak writes:
Hi!

Well, folks, my packet suckers have shown a Code Red II attack from a 
machine on the IETF meeting net.  It's 217.33.140.38 -- if you have 
that address, you need to disinfect and patch your machine.  For the 
rest of you, be careful...

Do you always snoop on traffic at IETFs?



I'm running a monitor to detect what folks are sending to *my* 
machine:


Tue Aug  7 13:28:59 2001        tcpsuck www(80)
TCP message from host host217-33-140-38.ietf.ignite.net (217.33.140.38): port 3446

128 bytes received
    0:   47455420 2f646566 61756c74 2e696461   GET /default.ida
   16:   3f585858 58585858 58585858 58585858   ?XXXXXXXXXXXXXXX
   32:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   48:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   64:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   80:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   96:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
  112:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX



(The monitor is truncating at 128 bytes, by intent.)

                --Steve Bellovin, http://www.research.att.com/~smb
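
Added example, not part of the original message: a small Python sketch of how a defender could turn a dump in the format shown above back into bytes and flag the `/default.ida?` request with its long single-character filler. The function names, the 16-byte minimum run and the sample rows (the first three rows of the dump in the message) are assumptions made for this illustration.

```python
import re

# First three rows of the dump shown in the message (offset: hex words, ASCII).
SAMPLE_DUMP = """\
    0:   47455420 2f646566 61756c74 2e696461   GET /default.ida
   16:   3f585858 58585858 58585858 58585858   ?XXXXXXXXXXXXXXX
   32:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
"""

# One row: decimal offset, colon, then up to four 8-hex-digit words.
# Assumes full 16-byte rows, so the ASCII column is never read as hex.
ROW = re.compile(r"^\s*(\d+):\s+((?:[0-9a-fA-F]{8}(?:\s+|$)){1,4})")

# Request line for /default.ida followed by at least 16 copies of one byte.
REQ = re.compile(rb"^GET /default\.ida\?((.)\2{15,})", re.S)


def dump_to_bytes(dump):
    """Rebuild the captured payload, refusing dumps with missing rows."""
    payload = bytearray()
    for line in dump.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, byte count, blank lines
        if int(m.group(1)) != len(payload):
            raise ValueError("gap in dump at offset " + m.group(1))
        payload += bytes.fromhex("".join(m.group(2).split()))
    return bytes(payload)


def classify(payload):
    """Return filler details if the payload matches the pattern, else None."""
    m = REQ.match(payload)
    if m is None:
        return None
    return {
        "filler": m.group(2).decode("latin-1"),
        "run_len": len(m.group(1)),
        # True when the filler runs to the end of the captured bytes, as it
        # does with a truncating monitor: the real run length is unknown.
        "run_hits_capture_end": m.end() == len(payload),
    }


if __name__ == "__main__":
    print(classify(dump_to_bytes(SAMPLE_DUMP)))
```

Because the monitor truncates at 128 bytes, the filler run reaches the end of the capture, so `run_len` is only a lower bound on the filler length in the actual request.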



