Nimda.E having an impact ??
From: Russell Fulton (r.fulton@auckland.ac.nz)Date: 10/31/01
- Previous message: Matt Beck: "Help with Nimda.E?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Russell Fulton <r.fulton@auckland.ac.nz> To: incidents@securityfocus.com Subject: Nimda.E having an impact ?? Message-ID: <SIMEON.10111011013.I26305@bluebottle.itss> Date: Thu, 1 Nov 2001 10:29:13 +1300 (NZDT)
Does Nimda.E have a different scanning strategy than previous versions?
Although the number of machines that I see probing us on port 80
remains fairly stable I notice that the actual volume of probes has
is up significantly over the last 24 hours. We are also seeing many
more machines in our own class A.
Some stats: (these are of machines that probed port 80 on an address
where nothing was listening over a 1 hour period (0800-0900 UTC +1200)
31 Oct 1 Nov
total number 1960 1947
number in 130.0.0.0/8 7 37 (1)
number with more than 100 8 9
number with more than 10 21 55
number of unicode attacks 12 19 (2)
notes:
1/ we are 130.216.0.0/16
2/ number of host on our network attacked as seen by snort on our DMZ
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Matt Beck: "Help with Nimda.E?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
