Full Disclosure mailing list archives

Re: New variant of Nachi ?

From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 29 Oct 2003 14:46:38 +0100

Helmut Springer wrote:

Has anyone seen any evidence besides this and the two postings on
public lists?  No real trace after more than 24h it seems...


We see increased scanning activity, but it doesn't look like a
widespread worm:

    date    | sources | targets | flows
------------+---------+---------+-------
 2003-10-20 |    8058 |   10796 | 27206
 2003-10-21 |    3331 |    5908 | 11425
 2003-10-22 |    3660 |    7324 | 13989
 2003-10-23 |    2137 |    3853 |  6885
 2003-10-24 |    1459 |    3603 |  5505
 2003-10-25 |    1743 |    5717 |  9193
 2003-10-26 |    4248 |    5487 | 10954
 2003-10-27 |    8117 |   10073 | 23920
 2003-10-28 |    8463 |   10658 | 27231
 2003-10-29 |    3651 |    5171 | 10898

(Date, number of distinct source addresses, number of distinct target
addresses, flows AKA connection attempts -- incoming packets only, and
and the 2003-10-29 row is still increasing, of course.)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

New variant of Nachi ? Awan, Farrukh (OCTO) (Oct 28)
- Re: New variant of Nachi ? KF (Oct 28)
  - Re: New variant of Nachi ? Helmut Springer (Oct 29)
    - Re: New variant of Nachi ? Florian Weimer (Oct 29)
- <Possible follow-ups>
- RE: New variant of Nachi ? Discini, Sonny (Oct 29)
  - Re: New variant of Nachi ? Valdis . Kletnieks (Oct 29)