Security Incidents mailing list archives

RE: Nimda.E having an impact ??


From: "Kinsey, Robert" <Robert.Kinsey () Veridian com>
Date: Wed, 31 Oct 2001 14:53:01 -0800

Russell,

For the networks I monitor I am seeing similar activity to the original
Nimda (same /16 subnet for now).  I have, like you, noticed the volume of
hits within the network range is different.  I am also trying to correlate
the connection attempts on port 80 with any attempts via tftp for the same
source/dest combination.  This seems to alert me whether a box on my network
becomes infected (the tftp activity only occurs if a 200 OK response is seen
to the port 80 activity).  So far (thankfully) I have not seen that
particular connection combination.

from the trenches,

Rob

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
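
The correlation described in the message above, as an added example that is not part of the original post: flag a host pair when a port 80 request answered with 200 OK is followed by tftp (UDP/69) traffic between the same two hosts. The record layout, the 60-second window, matching the pair in either direction, and the sample records are assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real traffic):
# (time, src, dst, proto, dst_port, http_status or None)
SAMPLE_EVENTS = [
    ("2001-10-31 14:01:05", "10.1.7.20", "10.1.3.5", "tcp", 80, 404),
    ("2001-10-31 14:01:09", "10.1.7.20", "10.1.3.9", "tcp", 80, 200),
    ("2001-10-31 14:01:12", "10.1.3.9", "10.1.7.20", "udp", 69, None),
    ("2001-10-31 14:02:30", "10.1.3.5", "10.1.9.44", "udp", 69, None),  # unrelated tftp
    ("2001-10-31 14:03:00", "10.1.7.21", "10.1.3.6", "tcp", 80, 200),   # 200 OK, no tftp
]

WINDOW = timedelta(seconds=60)  # assumed correlation window


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def correlate(events, window=WINDOW):
    """Return one alert per tftp flow that follows a 200 OK on port 80
    between the same two hosts within `window`."""
    http_ok = {}  # host pair -> [(time, http_src, http_dst), ...]
    alerts = []
    for ts, src, dst, proto, dport, status in sorted(events, key=lambda e: e[0]):
        when = parse(ts)
        pair = frozenset((src, dst))  # direction-independent key
        if proto == "tcp" and dport == 80 and status == 200:
            http_ok.setdefault(pair, []).append((when, src, dst))
        elif proto == "udp" and dport == 69:
            for seen, http_src, http_dst in http_ok.get(pair, []):
                if timedelta(0) <= when - seen <= window:
                    alerts.append({
                        "web_server": http_dst,  # host that answered 200 OK
                        "remote": http_src,      # host that sent the request
                        "http_time": seen,
                        "tftp_time": when,
                    })
                    break  # one alert per tftp flow is enough
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print("possible infection:", alert)
```

A 200 OK with no tftp afterwards, or tftp with no preceding 200 OK for that pair, produces no alert.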
