Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Yet Another Nimda Thread (YANT)

From: Andrew Blevins <ABlevins () arrowheadgrp com>
Date: Fri, 21 Sep 2001 09:53:16 -0700
Still getting attempts over here, but only about three to five a second,
instead of 70. We're on the 209.242 block.

Andrew Blevins



-----Original Message-----
From: Portnoy, Gary [mailto:gportnoy () belenosinc com]
Sent: Friday, September 21, 2001 9:47 AM
To: 'intrusions () incidents org'; 'incidents () securityfocus com'
Subject: Yet Another Nimda Thread (YANT)



I heard there were a few reports of Nimda going completely quiet in certain
netblocks, but none were substantiated.  I haven't seen a single Nimda IIS
exploit attempt since a little before 10 AM (EST).  I checked my IDS, apache
logs, IIS logs -- nothing.  Seems like it went silent.  Still seeing CodeRed
though. Can any one correlate?  I am somewhere in the 12.27 netblock :)

-Gary-

Gary Portnoy
Network Administrator
gportnoy () belenosinc com

PGP Fingerprint: 9D69 6A39 642D 78FD 207C  307D B37D E01A 2E89 9D2C


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: