Re: why the nimda upsurge again?
From: Dug Song (dugsong@monkey.org)Date: 12/04/01
- Previous message: Dave Dittrich: "Re: Attacks against SSH?"
- In reply to: Jose Nazario: "why the nimda upsurge again?"
- Next in thread: Jose Nazario: "Re: why the nimda upsurge again?"
- Next in thread: James: "RE: why the nimda upsurge again?"
- Reply: Jose Nazario: "Re: why the nimda upsurge again?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 3 Dec 2001 23:10:30 -0500 From: Dug Song <dugsong@monkey.org> To: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
On Mon, Dec 03, 2001 at 01:27:27PM -0500, Jose Nazario wrote:
> in the past week or two i have noticed a strong upsurge in nimda probes
> and requests, and i know i'm not alone in this. while the bulk of the
> requests are local (given the mechanism it uses for addressing), several
> are from outside our network. there is no similar rise appearant in code
> red v1 or v2.
are you sure it's Nimda you're looking at?
we did see a slight surge in Nimda activity on our blackhole monitor,
but much smaller than when Nimda.E was introduced at the end of October:
http://www.monkey.org/~dugsong/wormplot.png
-d.
--- http://www.monkey.org/~dugsong/---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Previous message: Dave Dittrich: "Re: Attacks against SSH?"
- In reply to: Jose Nazario: "why the nimda upsurge again?"
- Next in thread: Jose Nazario: "Re: why the nimda upsurge again?"
- Next in thread: James: "RE: why the nimda upsurge again?"
- Reply: Jose Nazario: "Re: why the nimda upsurge again?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
