Greetings all... I ask a simple and profoundly obvious question... With eeye and others releaseing codeRed src almost a month ago, has anyone bothered to modify the worm and bother distributing (by force) the file checked by the current worm which will suppress its operation? This is such an obvious fix, however noone seems to have yet had a clue to do it? Now that some of my boxes are being bothered with CRed noise, I'm prone to creating a secondary replacement worm, mass distributing it, and using it to squelch the bullshit of this one... If that many can be infected by using a psuedo-random sequence, this could be easily traced or more effectively a far more effective sequencing pattern for the disbersal could be utilized... Moreso, if noone is competant to have yet done this, can anyone provide an EXTREMELY stable high-load capacity box which can accept reporting of infected hosts? -- This would be highly useful in the target analysis of the worm's progress... Granted, this is a distributed infiltration mechanism, however, I somehow doubt the stateside feds and other morons would be contradicting of ceasing a distributed attack, even if we do not bother to stop the wh.gov targeting... It's wasting our resources, hastling all of us, etc. So... two things: A: Has anyone bothered to do this yet. B: If I am personally gonna have to deal with this bs, can anyone offer a logging-server target to send reports to? I shall await reply to the CDR lists, or direct to "Wilfred@Cryogen.com" ... -- I dont really want to waste the time fixing the code, though will if this keeps up for long... Till the next annoyance (or the fix of this one), -Wilfred L. Guerin Wilfred@Cryogen.com ...