RE: Code Red : Any people around?

While there's incomplete information available in the standard places, it appears to be a hardcoded IP.

I, along with many others, have null routed it.... Symantec's site claims the IP address is no longer active at any rate.

It *appears* that from xx-20-xxxx through xx-28-xxxx, this thing will attack that IP address... meaning that measures already in place will minimize damage from the portion of the code that attempts to flood Networks where isn't blocked could see network congestion, I suppose, if they host a large number of infected machines.

I've seen a claim that if the date is greater than 28, the threads just go into an infinite sleep.

From what I can see, I would expect another round of probes to take place starting on 01-August-2001...

If you read through eEye's disasm dump, you can find that it's hardcoded
to the ip of, which I don't remember but ends in .91