Re: Code Red II at the IETF meeting



In message <200108071321.JAA18560 at morticia.cc.gatech.edu>, Bobby Krupczak writes:
>Hi!
>
>>Well, folks, my packet suckers have shown a Code Red II attack from a 
>>machine on the IETF meeting net.  It's 217.33.140.38 -- if you have 
>>that address, you need to disinfect and patch your machine.  For the 
>>rest of you, be careful...
>
>Do you always snoop on traffic at IETFs?
>


I'm running a monitor to detect what folks are sending to *my* 
machine:


Tue Aug  7 13:28:59 2001        tcpsuck www(80)
TCP message from host host217-33-140-38.ietf.ignite.net (217.33.140.38): port 3446

128 bytes received
    0:   47455420 2f646566 61756c74 2e696461   GET /default.ida
   16:   3f585858 58585858 58585858 58585858   ?XXXXXXXXXXXXXXX
   32:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   48:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   64:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   80:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   96:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
  112:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX



(The monitor is truncating at 128 bytes, by intent.)

		--Steve Bellovin, http://www.research.att.com/~smb
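
An added example, not part of the original message or of the monitor it describes: a small parser that rebuilds the captured bytes from a dump in the layout shown above and labels the request by its padding byte. The row layout is inferred from the dump itself, and the function names, labels and `min_run` threshold are assumptions made for this sketch.

```python
import re

# Dump copied from the message above (capture truncated at 128 bytes).
SAMPLE_DUMP = """\
    0:   47455420 2f646566 61756c74 2e696461   GET /default.ida
   16:   3f585858 58585858 58585858 58585858   ?XXXXXXXXXXXXXXX
   32:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   48:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   64:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   80:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
   96:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
  112:   58585858 58585858 58585858 58585858   XXXXXXXXXXXXXXXX
"""

# Assumed row layout, inferred from the dump: decimal offset, colon, hex words
# separated by single spaces, then a wider gap and an ASCII column.
ROW = re.compile(r"^\s*(\d+):\s+([0-9a-fA-F]+(?: [0-9a-fA-F]+)*)")
PREFIX = b"GET /default.ida?"

def parse_dump(text):
    """Rebuild the captured bytes from the hex column, checking offsets."""
    data = bytearray()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # blank lines, timestamp, "128 bytes received", etc.
        offset, words = int(m.group(1)), m.group(2).split()
        if offset != len(data):
            raise ValueError(f"gap in dump at offset {offset}")
        data += bytes.fromhex("".join(words))
    return bytes(data)

def classify(payload, min_run=64):
    """Label a (possibly truncated) request prefix by its padding byte."""
    if not payload.startswith(PREFIX):
        return None
    pad = payload[len(PREFIX):]
    run = len(pad) - len(pad.lstrip(pad[:1]))  # length of the leading repeated byte
    if run < min_run:
        return "ida-request"
    # 'X' padding is what the capture above shows for Code Red II; 'N' padding
    # for the original Code Red is general knowledge, not stated in the message.
    return {b"X": "code-red-ii", b"N": "code-red"}.get(pad[:1], "ida-overflow-other")

if __name__ == "__main__":
    payload = parse_dump(SAMPLE_DUMP)
    print(len(payload), classify(payload))
```

Because the capture stops at 128 bytes, the label rests only on the request path and the padding run, which is all a truncated capture preserves.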





Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
