In message <200108071321(_dot_)JAA18560(_at_)morticia(_dot_)cc(_dot_)gatech(_dot_)edu>, Bobby Krupczak writes:
Hi!
Well, folks, my packet suckers have shown a Code Red II attack from a
machine on the IETF meeting net. It's 217.33.140.38 -- if you have
that address, you need to disinfect and patch your machine. For the
rest of you, be careful...
Do you always snoop on traffic at IETFs?
I'm running a monitor to detect what folks are sending to *my*
machine:
Tue Aug 7 13:28:59 2001 tcpsuck www(80)
TCP message from host host217-33-140-38.ietf.ignite.net (217.33.140.38): port 3446
128 bytes received
0: 47455420 2f646566 61756c74 2e696461 GET /default.ida
16: 3f585858 58585858 58585858 58585858 ?XXXXXXXXXXXXXXX
32: 58585858 58585858 58585858 58585858 XXXXXXXXXXXXXXXX
48: 58585858 58585858 58585858 58585858 XXXXXXXXXXXXXXXX
64: 58585858 58585858 58585858 58585858 XXXXXXXXXXXXXXXX
80: 58585858 58585858 58585858 58585858 XXXXXXXXXXXXXXXX
96: 58585858 58585858 58585858 58585858 XXXXXXXXXXXXXXXX
112: 58585858 58585858 58585858 58585858 XXXXXXXXXXXXXXXX
(The monitor is truncating at 128 bytes, by intent.)
--Steve Bellovin, http://www.research.att.com/~smb
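
An added example, not part of the original message and not the tcpsuck tool's code: a Python sketch that rebuilds the captured bytes from a dump in the layout shown above and flags the `/default.ida?` request with a long single-character filler. The function names, the 32-byte filler threshold and the association of the `N` filler with the earlier Code Red worm are assumptions of this example; the sample dump is constructed to reproduce the layout quoted in the message.

```python
import re

# Constructed sample in the monitor's layout: offset, four hex words, ASCII column.
SAMPLE_DUMP = "\n".join(
    ["0: 47455420 2f646566 61756c74 2e696461 GET /default.ida",
     "16: 3f585858 58585858 58585858 58585858 ?XXXXXXXXXXXXXXX"]
    + [f"{off}: " + " ".join(["58585858"] * 4) + " " + "X" * 16
       for off in range(32, 128, 16)]
)

HEX_WORD = re.compile(r"(?:[0-9a-fA-F]{2}){1,4}")
# .ida request whose query string opens with a long run of one filler byte.
# The threshold (32) is an assumption; it fits inside a 128-byte truncated capture.
IDA_FILLER = re.compile(rb"GET /(?i:default\.ida)\?(X{32,}|N{32,})")

def parse_dump(text):
    """Rebuild payload bytes from the hex columns; the ASCII column is ignored."""
    data = bytearray()
    for line in text.splitlines():
        m = re.match(r"\s*(\d+):\s+(.*)", line)
        if not m:
            continue  # header lines such as "128 bytes received"
        if int(m.group(1)) != len(data):
            raise ValueError(f"gap in dump at offset {m.group(1)}")
        words = []
        # Caveat: on a short final row an ASCII token made only of hex digits
        # would be misread as data; full rows always carry four words.
        for tok in m.group(2).split()[:4]:
            if not HEX_WORD.fullmatch(tok):
                break
            words.append(tok)
        data += bytes.fromhex("".join(words))
    return bytes(data)

def classify(payload):
    """Return a label for an .ida filler request, or None for anything else."""
    m = IDA_FILLER.match(payload)
    if not m:
        return None
    # 'X' is the filler in the capture above, which the message calls Code Red II.
    # 'N' as the earlier Code Red filler is this example's assumption.
    return "code-red-ii-style" if m.group(1)[:1] == b"X" else "code-red-style"

if __name__ == "__main__":
    payload = parse_dump(SAMPLE_DUMP)
    print(len(payload), "bytes:", classify(payload))
```

Because the match needs only the first few dozen bytes of the request, a capture truncated at 128 bytes is enough to classify it.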