Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: why the nimda upsurge again?

From: Dug Song <dugsong () monkey org>
Date: Mon, 3 Dec 2001 23:10:30 -0500
On Mon, Dec 03, 2001 at 01:27:27PM -0500, Jose Nazario wrote:


in the past week or two i have noticed a strong upsurge in nimda probes
and requests, and i know i'm not alone in this. while the bulk of the
requests are local (given the mechanism it uses for addressing), several
are from outside our network. there is no similar rise appearant in code
red v1 or v2.


are you sure it's Nimda you're looking at?

we did see a slight surge in Nimda activity on our blackhole monitor,
but much smaller than when Nimda.E was introduced at the end of October:

        http://www.monkey.org/~dugsong/wormplot.png

-d.

---
http://www.monkey.org/~dugsong/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: