RE: Wave of Nimda-like hits this morning?
From: Christopher L. Morrow (chris@UU.NET)Date: 02/27/02
- Previous message: Doug Harold: "RE: "Nimda"?"
- In reply to: Brian Mooney: "RE: Wave of Nimda-like hits this morning?"
- Next in thread: security: "Re: Wave of Nimda-like hits this morning?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Feb 2002 01:44:43 +0000 (GMT) From: "Christopher L. Morrow" <chris@UU.NET> To: Brian Mooney <brian@medcontrax.com>
On Tue, 26 Feb 2002, Brian Mooney wrote:
> I have been seeing those scans pretty nonstop since the outbreak of
> Nimda. AT&T tells me that they have blocked Code Red, CRII, and Nimda
> upstream, but I still get this traffic 15 times a day or so. Yesterday,
> I had one IP hit my machine, looking for cmd.exe 27 times...
>
How did AT&T block these upstream from you? Unless they installed a proxy
firewall, or a router that can effectively do layer 4+ filtering I can't
see this being accomplished for all customers off a AT&T edge router.
Perhaps did they block this traffic on a firewall they manage for you?
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Doug Harold: "RE: "Nimda"?"
- In reply to: Brian Mooney: "RE: Wave of Nimda-like hits this morning?"
- Next in thread: security: "Re: Wave of Nimda-like hits this morning?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
