08.12.01
Code Red Notes
The sheer number of hits on ordersomewherechaos.com from the Code Red virus is pretty amazing: 195 in just 4 days. This is for a server that has only been active for a couple of weeks, mind you. But that’s not so interesting. The much more interesting part is that 193 of those came from 64.*.*.*. Now I’m on a mission to see what the Class A 64 range is for. (Lookups courtesy of ARIN.)
64.1 – 64.3: Concentric Networks (Don’t they do DSL?)
64.34: Telocity (I think they provide DSL)
064.040.058.020: a DSL provider
064.041.227.126: Exodus: They do hosting and (DSL?)
064.049.078.011: Another DSL provider
064.050.158.081: More Dial-Up/DSL.
We got 20 Covad addys, and 10 or so PAC-BELLs, more Telocity, some Bell Canadas and two hits from RIPE addys, i.e. hits from Europe.
Overwhelmingly I’m seeing CODE RED hits from DSL provider networks… It’s no wonder that Verizon and other DSL providers have been getting so nasty about shutting down ports and such.
I’ve decided to add this to my .sig:
‘For the CODE will pass through to smite the WindowsNT Admins; and when he seeth the LACK OF Xs or Ns upon the QUERY STRING, and on the two side posts, the CODE will pass over the door, and will not suffer the destroyer to come in unto your SERVERS to smite you.’ – EXODUS.NET 12:23
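The tally described above, as an added example that is not part of the original post: it scans web-server access-log lines for default.ida requests whose query string opens with a run of Ns or Xs and counts them per /8 and /16 source range. The Apache common log format, the 16-character minimum run and every sample line are assumptions constructed for this example.

```python
import re
from collections import Counter

# Constructed access-log lines (Apache common log format assumed); addresses
# and timestamps are made up for this example, not taken from the post's logs.
SAMPLE_LOG = """\
64.1.10.5 - - [10/Aug/2001:02:11:09 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 276
64.1.77.200 - - [10/Aug/2001:02:14:51 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX%u9090%u6858 HTTP/1.0" 404 276
64.34.3.9 - - [10/Aug/2001:03:02:40 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX%u9090%u6858 HTTP/1.0" 404 276
192.0.2.44 - - [10/Aug/2001:03:30:00 -0700] "GET /index.html HTTP/1.0" 200 5120
198.51.100.7 - - [10/Aug/2001:04:45:12 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX%u9090%u6858 HTTP/1.0" 404 276
64.1.10.5 - - [10/Aug/2001:05:00:00 -0700] "GET /default.ida?id=7 HTTP/1.0" 404 276
garbage line that is not a log entry
"""

# Captures first octet, second octet and the requested path.
LINE_RE = re.compile(
    r'^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3} \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+)')
# The worm's request: default.ida with a long run of N or X padding.
# The 16-character threshold is an assumption chosen to avoid short queries.
PROBE_RE = re.compile(r'^/default\.ida\?(N{16,}|X{16,})', re.IGNORECASE)


def summarize(log_text):
    """Return (by_padding, by_slash8, by_slash16, skipped_lines) for probe hits."""
    by_padding, by_8, by_16 = Counter(), Counter(), Counter()
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # malformed or non-log line: count it, don't crash
            continue
        o1, o2, path = m.groups()
        probe = PROBE_RE.match(path)
        if not probe:
            continue              # ordinary request, or default.ida without padding
        by_padding[probe.group(1)[0].upper()] += 1
        by_8[o1] += 1
        by_16[f"{o1}.{o2}"] += 1
    return by_padding, by_8, by_16, skipped


if __name__ == "__main__":
    pad, s8, s16, skipped = summarize(SAMPLE_LOG)
    total = sum(pad.values())
    print(f"{total} probes, {skipped} unparsable lines, padding: {dict(pad)}")
    for net, n in s8.most_common():
        print(f"  {net}.*.*.*  {n:3d}  ({100 * n / total:.0f}%)")
    for net, n in s16.most_common(3):
        print(f"  {net}.*.*    {n:3d}")
```
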