Re: Lots and lots of DNS lookups and increased number of /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX...s

["Tracey A. Losco" <tal1 () acf3 nyu edu>]

Not yet...but tonight was supposed to be the night that we would see a
second wave of Nimda traffic.  The time that was being speculated was
1:00am.  So far, I've only found one machine on my network scanning and
that was about 8:00pm.

Have you seen any scans from within your own IP space yet?

Tracey Losco
Network Security
NYU
212-998-3433

On Thu, 27 Sep 2001, Fred Cohen wrote:

> I seem to be seeing very large numbers of DNS lookups and lots of
> apparent /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX...  lookups from my class
> B as of the last hour or so.
>
> Anyone else?
>
> FC
> --This communication is confidential to the parties it is intended to serve--
> Fred Cohen            Fred Cohen & Associates.........tel/fax:925-454-0171
> fc () all net         The University of New Haven.....http://www.unhca.com/
> http://all.net/               Sandia National Laboratories....tel:925-294-2087
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com