| 會員  | 我的 Win2000 Pro也是一樣 用Giga的ADSL 玩天堂 一進去以後 走路的速度 比加速還快.....不到一分鐘 就被中斷連線 PS.我沒有裝加速程式. 但是我的另一系統WinMe 玩起來 一切正常.....怪怪 |
| 回覆 |
| 高級會員 | Code_Red(紅色密碼)主要透過網路來散播,它會攻擊微軟IIS伺服器的漏洞,並竄改IIS首頁設定。使用微軟IIS軟體架設網頁伺服的企業及SOHO族將是此電腦蠕蟲主要攻擊對象。電腦駭客藉此電腦蠕蟲可以遠端遙控使用者系統,對知名網站進行阻絕式服務攻擊,且該蠕蟲會自動執行,對網站發動阻絕式服務攻擊或任意產生IP位址,並透過80 port 來散播和複製自己 。會影響所有Web server及ADSL Router 和各家IP分享器只要透過80 port提供 Remote config的機器,會經常斷線或無法上網。 以下是cisco網站上的說明 At least two versions of the "Code Red" worm are known to exist. Both versions exploit a known vulnerability in Microsoft IIS by passing a specially crafted Uniform Resource Identifier (URI) to the default HTTP service, port 80, on a susceptible system. The URI in version 1 consists of binary instructions which cause the infected host to either begin scanning other random IP addresses and pass the infection on to any other vulnerable systems it finds, or launch a denial of service attack targeted at the IP address 198.137.240.91 which, until very recently, was assigned to www.whitehouse.gov. In both cases, the worm replaces the web server's default web page with a defaced page at the time of initial infection. Version 2 has the same behavior, except that it does not deface the default web page, and it no longer contains a hard-coded address for www.whitehouse.gov, opting instead to look up the address via DNS. Version 1 does not produce a truly random list of addresses to attack, whereas version 2 contains a fixed randomizer that will attempt all possible IP addresses except those beginning with 127.x.x.x or 224.x.x.x. The worm does not check for pre-existing infection, so that any given system may be executing as many copies of the worm as have scanned it, with a compounding effect on system and network demand. Cisco products that are directly vulnerable because they use IIS can be repaired by applying the recommended patches from Microsoft. Workarounds are available as a temporary measure. Side-effects caused by the worm can expose unrelated problems on other products. When the traffic from the worm reaches a significant level, a Cisco CSS 11000 series Content Service Switch may suffer a memory allocation error that leads to memory corruption and will require a reboot. The defect is documented in DDTS CSCdu76237. As a separate side-effect, the URI used by the worm to infect other hosts causes Cisco 600 series DSL routers to stop forwarding traffic if they have not been upgraded for a previously-published unrelated vulnerability. An affected 600 series router that has been scanned by the "Code Red" worm will not resume normal service until the power has been cycled. The nature of the "Code Red" worm's scan of random IP addresses and the resulting sharp increase in network traffic can noticeably affect Cisco routers running Cisco IOS software, depending on the device, its current configuration, and the topology of the network. Unusually high CPU utilization and memory starvation may occur, and it can be mitigated in many cases simply by refining the configuration. Software Versions and Fixes Microsoft has made a patch available for affected systems at http://www.microsoft.com/technet/tre.../MS01-033.asp. Cisco is providing the same patch at http://www.cisco.com/pcgi-bin/Softwa...date-2.exe&swtype=FCS&code=&size=246296. |
| 回覆 |
| 會員  | 引用:
對於 Cisco 某些型號的 ATU-R 來說, code red 用來散播的字串正好命中了一個 bug, 所以會造成當機斷線的情形. 但是對於未修補的 NT/2000 + IIS, 因為中毒以後會產生 600 個 thread 向外掃瞄, 對系統來說是一種很大的負擔 | |
| 回覆 |
| 進階會員 | 引用:
我把病毒碼更新到923就抓到了~ 目前修復了~ 難怪電腦一直送封包出去 | |
| 回覆 |
| XML | RSS 2.0 | RSS |
本論壇所有文章僅代表留言者個人意見,並不代表本站之立場,討論區以「即時留言」方式運作,故無法完全監察所有即時留言,若您發現文章可能有異議,請 email :[email protected] 處理。
