An Update on the Code Red Worm
Posted: 08/24/2001
Abstract:
The Code Red Worm hit the Internet in July, exploiting a vulnerability in Microsoft's IIS software that was announced in June. The writer(s) of Code Red took advantage of hundreds of thousands of unpatched IIS servers worldwide to launch what could have been a distributed denial of service (DDoS) attack on the White House web site. While the DDoS attack itself might not have been successful, we all were part of history -- Code Red was self-propagating throughout the Internet turning servers into DDoS agents ("zombies"), waiting for the trigger to launch an attack. This kind of thing has been predicted for years.
This presentation provides an overview of the Code Red Worm, describes how it works, and offers suggested counter- measures. URLs for many Internet sites with patches, tools, and additional information are also provided.
Gary Kessler
Gary C. Kessler is Assistant Professor and program coordinator of the Computer Networking major at Champlain College in Burlington, VT. He is also a consultant specializing in issues related to computer and network security, Internet and TCP/IP protocols and applications, e- commerce, and telecommunications technologies and applications. He was formerly a Senior Network Security Analyst at SymQuest Group, a network integration consulting company in South Burlington, VT and Director of Information Technology at Hill Associates, an international telecommunications training firm with headquarters in Colchester, VT. Gary is a frequent speaker at industry conferences, has written 2 books and over 55 articles on a variety of technology topics, and is an instructor both for his own classes on TCP/IP, network security, and related topics and for the SANS Institute (http://www.sans.org). He holds a B.A. in Mathematics, an M.S. in Computer Science, and is a CCNA. He is married and has two children. More information can be found at
http://www.garykessler.net/.
http://www.webtorials.com/main/eduweb/security/tutorial/codered/index.htm