Re: [iwar] Code red variants in increasing numbers

From: Gary Warner (gar@askgar.com)
Date: 2001-08-07 11:09:24



Because of the way Code Red II spreads, each of us will see many attacks
coming from neighbors on our same ISP.
MANY people have said this seems to hit cable modems the worst.  All
that means is those people reporting such are on cable modems.  I have
spent some time logged on to each of five ISP accounts, and each one,
from the moment I log on, begins to be attacked by other users of that
ISP.

I'm sure you've seen this, but just a reminder:

pick a number from 1 to 8:

1 - Attack a random IP address (1-223*).(1-254).(1-254).(1-254)
2,3,4 - Attack your own Class A (yourIP).(1-254).(1-254).(1-254)
5,6,7,8 - Attack your own Class B (yourIP).(yourIP).(1-254).(1-254)

Basically, if you are on a "large" ISP, infected hosts on your ISP have
a 50% or 87.5% chance they will infect a "neighbor" such as yourself,
rather than an "outsider".

During my monitoring last night I was "attacked" over 300 times.  Only
22 of the attacks came from outside my Class A or Class B.

* - Why 223?  Because the numbers beginning with 224-239 are reserved by
ICANN for future use.  The numbers 240-254 are unused.
_-_
gar
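
A tally like the one in the message above (probes from inside versus outside the monitor's own Class A or Class B) can be reproduced from web server logs. This is an added example, not part of the original post; the Common Log Format layout, the `/default.ida?` request pattern, the address 10.20.30.40 and every log line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed Common Log Format: source address first, then the quoted request.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+)')
# Code Red probes request /default.ida with a long run of filler characters.
PROBE_RE = re.compile(r'^/default\.ida\?[NX]{20,}')

def locality(src, me):
    """Bucket a source by how many leading octets it shares with our address."""
    s, m = ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(me).packed
    if s[:2] == m[:2]:
        return "same_class_b"
    if s[0] == m[0]:
        return "same_class_a"
    return "outside"

def tally(lines, me):
    """Count worm probes per locality bucket, ignoring ordinary requests."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PROBE_RE.match(m.group(2)):
            continue
        try:
            counts[locality(m.group(1), me)] += 1
        except ipaddress.AddressValueError:
            counts["unparsed"] += 1   # e.g. the server logged a hostname
    return counts

def neighbor_share(counts):
    """Fraction of classified probes that came from our own Class A or B."""
    near = counts["same_class_b"] + counts["same_class_a"]
    total = near + counts["outside"]
    return near / total if total else 0.0

MY_IP = "10.20.30.40"   # constructed address of the monitoring host
PAD = "X" * 224         # constructed filler, stands in for the probe padding
STAMP = "[07/Aug/2001:02:14:11 -0500]"
SAMPLE = [              # constructed log lines
    f'10.20.7.9 - - {STAMP} "GET /default.ida?{PAD} HTTP/1.0" 404 -',
    f'10.20.200.1 - - {STAMP} "GET /default.ida?{PAD} HTTP/1.0" 404 -',
    f'10.99.1.1 - - {STAMP} "GET /default.ida?{PAD} HTTP/1.0" 404 -',
    f'192.0.2.55 - - {STAMP} "GET /default.ida?{PAD} HTTP/1.0" 404 -',
    f'dialup7.example.net - - {STAMP} "GET /default.ida?{PAD} HTTP/1.0" 404 -',
    f'10.20.5.5 - - {STAMP} "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    c = tally(SAMPLE, MY_IP)
    print(dict(c), f"neighbor share: {neighbor_share(c):.0%}")
```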




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT