August 2nd, 2001, 06:18 PM
Acording to Firetower.com (a security consulting company that runs the Raptor Firewall Newsgroups) http proxy built into the Raptor Firewall 6.5 prevents some versions of the code red worm from spreading, but not others.
Has anyone here been infected by Code REd on a server behind a Raptor Firewall? Or do you know of someone who has been?
Ich Ni San
August 4th, 2001, 12:17 AM
code red versions
There are basically 2 versions of code red. Version one wasn't truely random when it tried to hit IP addresses. Version two fixed this to make it truely random.
Why Raptor firewall would block one, but not the other is beyond me. Both use the same vulerability to move around and both are nearly identical except for the very small change in the code for the randomization.
August 4th, 2001, 12:21 AM
Reminder to self: read first
OK - I just read the message on firetower.com. When they are talking about versions, they don't mean the code red versions, they are talking about variations in the ida/idq exploit. From reading it, the software apparently does block all code red worms, but might not block other ways of using the ida/idq exploit.
August 5th, 2001, 05:20 PM
I have recently looked on www.attrition.org and noticed a fairly large archive of logs and other things of the sort that refer back to JP and AntiOnline participating in questionable and fraudulant acts. Due to my support for www.attrition.org and www.netflood.net I am currently pulling all my posts from this site and ask for my account termination. If you, JP, find that at any point you feel you can be at least half ass honorable then I will consider posting here again.