Re: Code Red II at the IETF meeting
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Code Red II at the IETF meeting
Hi Steven,
Can you tell me what kind of monitor that is, and
where can it be obtained from. Actually I was
searching for such scanner from long.
Gaurang.
--- "Steven M. Bellovin" <smb at research.att.com> wrote:
> In message
> <200108071321.JAA18560 at morticia.cc.gatech.edu>,
> Bobby Krupczak write
> s:
> >Hi!
> >
> >>Well, folks, my packet suckers have shown a Code
> Red II attack from a
> >>machine on the IETF meeting net. It's
> 217.33.140.38 -- if you have
> >>that address, you need to disinfect and patch your
> machine. For the
> >>rest of you, be careful...
> >
> >Do you always snoop on traffic at IETFs?
> >
>
>
> I'm running a monitor to detect what folks are
> sending to *my*
> machine:
>
>
> Tue Aug 7 13:28:59 2001 tcpsuck www(80)
> TCP message from host
> host217-33-140-38.ietf.ignite.net (217.33.140.38):
> port 3446
>
> 128 bytes received
> 0: 47455420 2f646566 61756c74 2e696461 GET
> /default.ida
> 16: 3f585858 58585858 58585858 58585858
> ?XXXXXXXXXXXXXXX
> 32: 58585858 58585858 58585858 58585858
> XXXXXXXXXXXXXXXX
> 48: 58585858 58585858 58585858 58585858
> XXXXXXXXXXXXXXXX
> 64: 58585858 58585858 58585858 58585858
> XXXXXXXXXXXXXXXX
> 80: 58585858 58585858 58585858 58585858
> XXXXXXXXXXXXXXXX
> 96: 58585858 58585858 58585858 58585858
> XXXXXXXXXXXXXXXX
> 112: 58585858 58585858 58585858 58585858
> XXXXXXXXXXXXXXXX
>
>
>
> (The monitor is truncating at 128 bytes, by intent.)
>
> --Steve Bellovin, http://www.research.att.com/~smb
>
>
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
Note Well: Messages sent to this mailing list are the opinions
of the senders and do not imply endorsement by the IETF.
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
