Security Incidents mailing list archives
RE: Yet Another Nimda Thread (YANT)
From: "Robert Nieuwhof" <RNieuwhof () nos com>
Date: Fri, 21 Sep 2001 10:02:15 -0700
Apparently you are alone in this. My IDS reports that scans continue from the 64. Netblock, owned by Exodus. Robert J. Nieuwhof, CNA, MCP mailto:Rnieuwhof () nos com Network Engineer NOS Communications - Information Services http://www.nos.com Madness takes its toll. Please have exact change. The information contained in this correspondence is confidential and intended for the use of the individual or entity named above. Unauthorized distribution is prohibited. Any and all opinions expressed, are the opinions of the author of this e-mail, and in no way reflect or imply the opinions of NOS Communications. -----Original Message----- From: Portnoy, Gary [mailto:gportnoy () belenosinc com] Sent: Friday, September 21, 2001 9:47 AM To: 'intrusions () incidents org'; 'incidents () securityfocus com' Subject: Yet Another Nimda Thread (YANT) I heard there were a few reports of Nimda going completely quiet in certain netblocks, but none were substantiated. I haven't seen a single Nimda IIS exploit attempt since a little before 10 AM (EST). I checked my IDS, apache logs, IIS logs -- nothing. Seems like it went silent. Still seeing CodeRed though. Can any one correlate? I am somewhere in the 12.27 netblock :) -Gary- Gary Portnoy Network Administrator gportnoy () belenosinc com PGP Fingerprint: 9D69 6A39 642D 78FD 207C 307D B37D E01A 2E89 9D2C ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com [INFO] -- Virus Manager: This email message and any attachments have been scanned for viruses and are believed to be free of any virus. This email, including any attached files, is confidential and is for the sole use of the individual or entity for whom it is intended. This email represents the originators personal views and opinions, which do not necessarily reflect those of this Company. If you are not the intended recipient of this email, be advised that you have received this email in error. Any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited and may be subject to legal sanction. If you have received this email in error, please immediately notify postmaster () sitehelp org . This email and any attachments have been scanned for viruses and are believed to be free of any virus or defect that might affect any computer system into which it is received. However, it is the responsibility of the recipient to ensure that it is virus free and no responsibility or liability is accepted by this Company for loss or damage arising from its use. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Yet Another Nimda Thread (YANT) Portnoy, Gary (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Midnight Ryder (Sep 21)
- Re: Yet Another Nimda Thread (YANT) hvdkooij (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Bryan Andersen (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Tracey Losco (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Florian Weimer (Sep 21)
- <Possible follow-ups>
- RE: Yet Another Nimda Thread (YANT) Andrew Blevins (Sep 21)
- RE: Yet Another Nimda Thread (YANT) Jose Nazario (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Mike Lewinski (Sep 21)
- RE: Yet Another Nimda Thread (YANT) Robert Nieuwhof (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Bryan Andersen (Sep 23)