In message <Pine.LNX.4.10.10108100034440.14898-100000@home.highertech.net>, mik e harrison writes:
Spent nearly two days convincing someone who was managing a server that he was beating up machines all over the company. It finally took someone at
Tonight, 20 minutes after openning up port 80 on a firewall to a server supposedly only running the latest CITRIX on Port 80 (why 80? Don't ask me?) and the high paid out of town consultants swearing they had applied the appropriate patches and were safe, they are now broadcasting out the latest CodeRed style worm.
I got some nice sniffit captures from my Linux firewall though.. this morning will be interesting. I wonder how they like their crow served.
I've seen a report that the patch is not fully effective -- see http://archives.neohapsis.com/archives/incidents/2001-08/0218.html. That was on incidents.org last night, but it's gone this morning, so maybe that claim isn't accurate. --Steve Bellovin, http://www.research.att.com/~smb