Return-Path: <sentto-279987-1557-997207792-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 07 Aug 2001 11:12:15 -0700 (PDT) Received: (qmail 9480 invoked by uid 510); 7 Aug 2001 17:12:05 -0000 Received: from n29.groups.yahoo.com (216.115.96.79) by 204.181.12.215 with SMTP; 7 Aug 2001 17:12:05 -0000 X-eGroups-Return: sentto-279987-1557-997207792-fc=all.net@returns.onelist.com Received: from [10.1.4.52] by b05.egroups.com with NNFMP; 07 Aug 2001 18:09:52 -0000 X-Sender: user@energen.com X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_2_0); 7 Aug 2001 18:09:51 -0000 Received: (qmail 83090 invoked from network); 7 Aug 2001 18:09:27 -0000 Received: from unknown (10.1.10.26) by m8.onelist.org with QMQP; 7 Aug 2001 18:09:27 -0000 Received: from unknown (HELO hal.energen.com) (207.203.161.3) by mta1 with SMTP; 7 Aug 2001 18:09:27 -0000 Received: from askgar.com ([10.225.110.6] (may be forged)) by hal.energen.com with ESMTP (8.8.6 (PHNE_14041)/8.7.1) id NAA18616; Tue, 7 Aug 2001 13:07:05 -0500 (CDT) Message-ID: <3B702ED3.55B07AE1@askgar.com> X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en,zh-CN,ru,ja To: iwar@yahoogroups.com Cc: Information Warfare Mailing List <iwar@yahoogroups.com> References: <200108050351.UAA01258@big.all.net> From: Gary Warner <gar@askgar.com> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 07 Aug 2001 13:09:24 -0500 Reply-To: iwar@yahoogroups.com Subject: Re: [iwar] Code red variants in increasing numbers Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Because of the way Code Red II spreads, each of us will see many attacks coming from neighbors on our same ISP. MANY people have said this seems to hit cable modems the worst. All that means is those people reporting such are on Cable modems. I have spent some time logged on to each of five ISP accounts, and each one, from the moment I log on, begins to be attacked by other users of that ISP. I'm sure you've seen this, but just a reminder: pick a number from 1 to 8: 1 - Attack a random IP address (1-223*).(1-254).(1-254).(1-254) 2,3,4 - Attack your own Class A (yourIP).(1-254).(1-254).(1-254) 5,6,7,8 - Attack your own Class B (yourIP).(yourIP).(1-254).(1-254) Basically, if you are on a "large" ISP, infected hosts on your ISP have a 50% or 87.5% chance they will infect a "neighbor" such as yourself, rather than an "outsider". During my monitoring last night I was "attacked" over 300 times. Only 22 of the attacks came from outside my Class A or Class B. * - Why 223? Because the numbers beginning with 224-239 are reserved by ICANN for future use. The numbers 240-254 are unused. _-_ gar ------------------------ Yahoo! Groups Sponsor ---------------------~--> Small business owners... Tell us what you think! http://us.click.yahoo.com/vO1FAB/txzCAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT