RE: Yet Another Nimda Thread (YANT)

From: Andrew Blevins (ABlevins@arrowheadgrp.com)
Date: 09/21/01 

Message-ID: <234A38B183F6D3119EC80008C708924602F023DC@ArrowMail2>
From: Andrew Blevins <ABlevins@arrowheadgrp.com>
To: "'Portnoy, Gary'" <gportnoy@belenosinc.com>, "'intrusions@incidents.org'" <intrusions@incidents.org>, "'incidents@securityfocus.com'" <incidents@securityfocus.com>
Subject: RE: Yet Another Nimda Thread (YANT)
Date: Fri, 21 Sep 2001 09:53:16 -0700

Still getting attempts over here, but only about three to five a second,
instead of 70. We're on the 209.242 block.

Andrew Blevins

-----Original Message-----
From: Portnoy, Gary [mailto:gportnoy@belenosinc.com]
Sent: Friday, September 21, 2001 9:47 AM
To: 'intrusions@incidents.org'; 'incidents@securityfocus.com'
Subject: Yet Another Nimda Thread (YANT)

I heard there were a few reports of Nimda going completely quiet in certain
netblocks, but none were substantiated. I haven't seen a single Nimda IIS
exploit attempt since a little before 10 AM (EST). I checked my IDS, apache
logs, IIS logs -- nothing. Seems like it went silent. Still seeing CodeRed
though. Can any one correlate? I am somewhere in the 12.27 netblock :)

-Gary-

Gary Portnoy
Network Administrator
gportnoy@belenosinc.com

PGP Fingerprint: 9D69 6A39 642D 78FD 207C 307D B37D E01A 2E89 9D2C

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Quantcast