Acording to Firetower.com (a security consulting company that runs the Raptor Firewall Newsgroups) http proxy built into the Raptor Firewall 6.5 prevents some versions of the code red worm from spreading, but not others.

Has anyone here been infected by Code REd on a server behind a Raptor Firewall? Or do you know of someone who has been?

Just wondering.

Ich Ni San

There are basically 2 versions of code red. Version one wasn't truely random when it tried to hit IP addresses. Version two fixed this to make it truely random.

Why Raptor firewall would block one, but not the other is beyond me. Both use the same vulerability to move around and both are nearly identical except for the very small change in the code for the randomization.

OK - I just read the message on firetower.com. When they are talking about versions, they don't mean the code red versions, they are talking about variations in the ida/idq exploit. From reading it, the software apparently does block all code red worms, but might not block other ways of using the ida/idq exploit.

I have recently looked on www.attrition.org and noticed a fairly large archive of logs and other things of the sort that refer back to JP and AntiOnline participating in questionable and fraudulant acts. Due to my support for www.attrition.org and www.netflood.net I am currently pulling all my posts from this site and ask for my account termination. If you, JP, find that at any point you feel you can be at least half ass honorable then I will consider posting here again.