“Code Red” worm foiled.

Thu Jul 19 17:30:29 PDT 2001 — “Code Red” worm foiled. The “Code Red” worm was supposed to flood www.whitehouse.gov at 5pm PDT. Sonic.net staff was standing by waiting for any sign of trouble — and encountered a non-event. It turns out that, to foil the worm, www.whitehouse.gov’s IP address was changed, and some backbone providers filtered the old IP address at their borders. (A traceroute showed the old address being blocked at the other end of our UUNet T3.) Since the worm couldn’t contact the web site, the denial of service attack never happened. Meanwhile, an analysis of our web logs showed that three Sonic.net customers were infected with the worm, who we are in the process of contacting. -Scott, Kelsey, Eli

Leave a Reply

Your email address will not be published.

*