News from PANUG - July 20, 2001

CODE RED MATH AND CYBER WEAPONS
by Ed Sawicki

By now, you know about the IIS Code Red worm and you probably
know that the ultimate goal of the worm is to conduct a
distributed denial of service attach against the White House
Internet site. What you may not appreciate is the scale of
the attack.

The attack exploits yet another of the many security holes in
Microsoft's IIS web server. A server can be infected more than
one time. Each time a IIS server is infected, it will send
about 4.1 MB in about 4.5 hours. The process then repeats.

It's estimated that about 200,000 IIS servers have been
infected and some of these multiple times. Of course, the
administrators of some of these servers have already applied
the patch. Let's say the total number of infections is only
300,000. This would yield a total of 1,230,000 MB or 1.1 TB
(terabyte) flowing over the Internet every 4.5 hours.

Most of this 1.1 TB of data is targeted at whitehouse.gov.
This is electronic warfare against our government and companies
running IIS are providing the weapons.

Microsoft has become a cyberspace weapons supplier.

Do the world a favor and turn in your weapons. The PANUG and
BizNix user groups are running Apache training classes in
August.