Subject: Re: Code-red worm (snicker snicker...)
To: Brian Hechinger
From: Steven M. Bellovin
List: netbsd-users
Date: 08/02/2001 14:24:30
Brian Hechinger writes:
>On Thu, Aug 02, 2001 at 08:09:08PM +0200, Michael Kukat wrote:
>> But don't think you are safe, because your Alpha can't execute the i386-code
>> of the script kiddies. Interpreter scripts (like usual shell scripts) just r
>> if the buffer overflow allows execution of code. So just start with "#!/bin/
>> and it will run on every platform, can modify /etc/inetd.conf, HUP it, and
>> voila, your shell on some port is open...
>you run your web server as root?  then you get what you deserve. :)

It's worth noting that the effects of the current Code Red worm would 
be identical if it were running as "www".  It spread, which requires 
network access; it defaced the site, which requires "www" access; and 
it tried to flood, which again requires network 

		--Steve Bellovin,