Security Incidents mailing list archives
RE: Nimda.E having an impact ??
From: "Kinsey, Robert" <Robert.Kinsey () Veridian com>
Date: Wed, 31 Oct 2001 14:53:01 -0800
Russell, For the networks I monitor I am seeing similar activity to the original Nimda (same /16 subnet for now). I have, like you, noticed the volume of hits within the network range is different. I am also trying to correlate the connection attempts on port 80 with any attempts via tfpt for the same source/dest combination. This seems to alert me whether a box on my network becomes infected (the tfpt activity only occurs if a 200 OK response is seen to the port 80 activity). So far (thankfully) I have not seen that particular connection combination. from the trenches, Rob ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: Nimda.E having an impact ?? Kinsey, Robert (Oct 31)