Thread: "Code Red" worm
View Single Post
  #5   Spotlight this post!  
Unread 31-07-2001, 10:19
Joe Ross's Avatar Unsung FIRST Hero
Joe Ross Joe Ross is offline
Registered User
FRC #0330 (Beachbots)
Team Role: Engineer
  
Join Date: Jun 2001
Rookie Year: 1997
Location: Los Angeles, CA
Posts: 8,563
Joe Ross has a reputation beyond reputeJoe Ross has a reputation beyond reputeJoe Ross has a reputation beyond reputeJoe Ross has a reputation beyond reputeJoe Ross has a reputation beyond reputeJoe Ross has a reputation beyond reputeJoe Ross has a reputation beyond reputeJoe Ross has a reputation beyond reputeJoe Ross has a reputation beyond reputeJoe Ross has a reputation beyond reputeJoe Ross has a reputation beyond repute
Like nate said, the Code Red worm only affects machines using IIS and haven't been updated with the latest security patches. There has been a patch for the vulnerability that the worm exploits for a while.

The other and more dangerous problem with the worm is how it propogates. The worm has a list of IP addresses that it is supposed to randomly pick from to attack. Unfortunately, the worm "randomly" picks the same IP address every time. The worm then uses the host computer to attack the computer it picked and then goes down the list.

Any of those computers near the top of the list are probably being pounded by many different copies of the worm. If one of those computers is between you and CD, you may not be able to get through, or at least much more slowly.

If CD was at the top of the list, even though it is running apache, it would probably still go down because of the traffic, but it looks like we are safe.
Reply With Quote