Indeed this does work. What I find interesting is that the majority of the IPs I've checked from my router logs have the stock, "Under Construction" IIS page from a new install and that the NT/2000 and Inetpub dirs have very recent creation dates associated with them. What I gather from this is that possibly these boxes were deliberately created for Code Red's sake by the curious. Maybe they just want to see what would happen. However, the fact that the IPs are scanning me suggests that they are not blocking the worm's ability to scan others, all the while allowing it to propogate. That in itself is bad news in my eyes.
Slashdot Mirror
Indeed this does work. What I find interesting is that the majority of the IPs I've checked from my router logs have the stock, "Under Construction" IIS page from a new install and that the NT/2000 and Inetpub dirs have very recent creation dates associated with them. What I gather from this is that possibly these boxes were deliberately created for Code Red's sake by the curious. Maybe they just want to see what would happen. However, the fact that the IPs are scanning me suggests that they are not blocking the worm's ability to scan others, all the while allowing it to propogate. That in itself is bad news in my eyes.