New subject: NIMDA / Moronic Feds.

18 Sep 2001

      Seems like Code Red or one of its little friends is back.

I think breaking up Microsoft is a bad idea,
but there are days it would be nice to have their
Web Server and Email Worm-Propagators run by companies
other than the operating system company just so fewer people
would be running that dangerous dreck.  :-)

Somebody did a paper about a hypothetical "Andy Warhol Virus",
studying how long it takes to take over a server,
how many servers you can attack per minute, and
what it would take to coordinate an attack that really hit everywhere.
15 minutes is about enough to hit most of the net,
if you find holes in Apache and IIS that don't need manual tweaking,
and if you don't alert people by scribbling their pages with
"Hacked by Chinese" or "Reformatted by bin Laden" before you're done.
Our chief weapons are surprise, exponential growth and
dividing up target address space effectively,
with quick checks to make sure you don't waste time on infected machines,
and, purely optionally, an almost fanatical analysis of hosting center configs.
...
Date:         Tue, 18 Sep 2001 16:21:35 +0200
Reply-To: Law & Policy of Computer Communications 
From: "[anton.raath]" 
Subject:      Re: Net problems?  Local?
To: CYBERIA-L@LISTSERV.AOL.COM
Hosting companies and ISPs have been seeing Code Red-style attacks on
their servers since early this morning. Pair Networks have reported
receiving "over 8000 hits per second, from as many as one hundred
thousand NT servers".
A.
...
No problem here, although our bandwidth is as the bandwidth of ten,
because our hearts are pure. ;)
...
...
I'm having trouble getting NYTimes, WSJ, Amazon.  Local outage?

Code Red seems to be back.

Bill Stewart

Adam Shostack

David Honig

John Young

Michael H. Warfield

Wilfred L. Guerin

tags

participants (6)