Security Incidents mailing list archives
RE: Wave of Nimda-like hits this morning?
From: Greg Williamson <n120476 () phaedrus national com au>
Date: Wed, 27 Feb 2002 11:57:55 +1100 (EST)
All,
I have been seeing those scans pretty nonstop since the outbreak of Nimda. AT&T tells me that they have blocked Code Red, CRII, and Nimda upstream, but I still get this traffic 15 times a day or so. Yesterday, I had one IP hit my machine, looking for cmd.exe 27 times...
I've also seen a fair number of these recently. My "record" was 700+ hits from a machine that was "close" to me. Judicious use of curl indicated that the machine was infected with Nimda. A recent re-check has shown it to be resolved now.
Whilst it takes some people quite a while to fix it (or in fact notice it) ("it'll never happen to me"), it's slowly diminishing.
I'm also not seeing any Apache crashes - Apache 1.3.12 on RH7.0 (plus appropriate patches).
Greg.