1/ Let's talk about CodeRed for a moment. It's one of the watershed events in the early history of the Internet.
2/ You can read about it on the Wikipedia page. It was a major worm in 2001 that spread through Microsoft's IIS webservers.
en.wikipedia.org/wiki/Code_Red_…
3/ Sometime before the worm happened, I got an email from a higher-up at Microsoft: "BTW, I tried to hack your website over the weekend". This was appropriate, we had a close relationship where such things were allowed.
4/ However, his hacking attempt failed, because I had the ".ida" extension turned off, as did a lot of servers. The majority of machines the worm infected were in fact workstations that had the extension enabled by default.
5/ Back in those days, the default configuration of all systems, Windows, Solaris, Linux included, was to enable all sorts of stuff, which was insecure as heck. Hardened systems were relatively secure.
6/ Solaris worms were much worse in general when CodeRed happened, but CodeRed was worse than any Solaris worm because of the sheer numbers of desktops, not because of a difference in servers.
7/ Anyway, I was at some sort of corporate function with @kevinmitnick in attendance, soon after his release from jail. Apparently, he'd heard of the .ida bug (which hadn't been disclosed yet), which I found a bit odd.
8/ I wrote a tarpit for CodeRed (I called it "deredoc"). I'd written a tarpit for the Morris worm, but it didn't work then because the Morris worm was well written and timed out connections. CodeRed didn't, so tarpits stopped the worm.
9/ A "tarpit" is a tool that will accept incoming connections and simply hold open the connection forever. This causes worms like CodeRed to eventually run out of resources and stop running because all the connections are left open.
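The tarpit behaviour described in tweets 8 and 9, as an added example (not the author's "deredoc" code): a loopback listener that accepts connections, discards whatever the client sends, and never replies or closes. The names `Tarpit` and `probe` are hypothetical; `probe` stands in for a client so the difference between one that sets a timeout and one that does not can be observed.

```python
import selectors, socket, threading

class Tarpit:
    """Accept TCP connections, never answer, never close (added example)."""
    def __init__(self, host="127.0.0.1", port=0):  # port 0: OS picks a free port
        self.listener = socket.create_server((host, port), backlog=128)
        self.listener.setblocking(False)
        self.port = self.listener.getsockname()[1]
        self.held = []  # sockets deliberately kept open
        self.sel = selectors.DefaultSelector()
        self.sel.register(self.listener, selectors.EVENT_READ)
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._run, daemon=True)
        self._thread.start()

    def _run(self):
        while not self._stop.is_set():
            for key, _ in self.sel.select(timeout=0.1):
                sock = key.fileobj
                if sock is self.listener:
                    conn, _addr = sock.accept()
                    self.held.append(conn)
                    self.sel.register(conn, selectors.EVENT_READ)
                    continue
                try:
                    data = sock.recv(4096)  # discard the request, send nothing back
                except OSError:
                    data = b""
                if not data:  # the peer gave up: release our side
                    self.sel.unregister(sock)
                    self.held.remove(sock)
                    sock.close()

    def stop(self):
        self._stop.set()
        self._thread.join()
        for s in self.held + [self.listener]:
            s.close()

def probe(port, timeout):
    """Client that sends a request and waits for a reply; timeout=None waits forever."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")  # constructed sample request
        try:
            return "answered" if s.recv(1) else "closed"
        except socket.timeout:
            return "timed out"
```

A client that calls `probe(port, 0.3)` gets its socket back after 0.3 seconds; one that passes `timeout=None` stays blocked for as long as the tarpit runs, and every such connection remains in `held`.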
Subscribe to Robᵇᵉᵗᵒ Graham