RE: Nimda Infections

[Dial Joe <Joe.Dial () at siemens com>]

Yes,
My home connection is via @home and there seem to be lots of systems which
still have Nimda, even code red on the (aparently somewhat local) net with
me.  I think/hope @home is blocking somewhere upstream.  At work, we have
the same provider, but a different group (FiberNet vs. @home) and there
seems to be a fair amount of  this type of traffic on that net as well.  I
had to put in web log management on the DNS server because Apache's error
and access logs are full of that crap. Eventually, I'll probably have to
remove the web server (it doesn't really need it), just to prevent a disk
full DoS.

I have been assuming that it was just me.
Joe


|-----Original Message-----
|From: reilly () speakeasy net [mailto:reilly () speakeasy net]
|Sent: Monday, November 12, 2001 6:28 PM
|To: incidents () securityfocus com
|Subject: Nimda Infections
|
|
|It's amazing to me when I see the amount of systems still 
|infected with Nimda.  In today's logs I see a huge amount of 
|systems in the ATT network that are still banging away.  I 
|can't even give you the amount of systems that I'm seeing from 
|China.  What is so difficult about patching your system 
|against the .hta, .htq vuln.  I don't mean to go off on a rant 
|but am I the only one that feels this way?  Is everyone else 
|seeing the same activity?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com