[ale] Code Red II!!! Disregard previous reply!!!

Jonathan Rickman jonathan at xcorps.net
Tue Aug 7 09:13:04 EDT 2001


On Tue, 7 Aug 2001 SAngell at nan.net wrote:

> I think you are correct. Microsoft reported that the patches to correct the
> vulnerability in Index Server was downloaded over 1 million times since June 18,
> 2001. Seeing that you have to wonder if there is any other objective by future
> attacks other than to absorb bandwidth.

Don't even get me started. Microsoft has put an incredible spin on this whole
thing, making themselves out to be the Knight in Shining armor riding in to save
the day with their hotfix. Here's one for you...

64.4.1.40 - - [06/Aug/2001:05:03:54 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u685
8%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%
u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 1442 "-" "-"

MS Hotmail (NETBLK-HOTMAIL)
   1065 La Avenida
   Mountain View, CA 94043
   US

   Netname: HOTMAIL
   Netblock: 64.4.0.0 - 64.4.63.255

   Coordinator:
      Myers, Michael  (MM520-ARIN)  icon at HOTMAIL.COM
      650-693-7072

   Domain System inverse mapping provided by:

   NS1.HOTMAIL.COM              216.200.206.140
   NS3.HOTMAIL.COM              209.185.130.68

   Record last updated on 09-Jan-2001.
   Database last updated on 6-Aug-2001 23:07:48 EDT.

OOPS...looks like that patch isn't as widely distributed as MS is telling
everyone. They missed one themselves...actually, they missed several but I dont
want to turn ALE into a CRII log forum.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list