Security Incidents mailing list archives
RE: Nimda Infections
From: "Reilly" <reilly () speakeasy org>
Date: Mon, 12 Nov 2001 21:44:31 -0800
Well, I have to say that it is disappointing. Not only in the fact that these people don't clean their systems, but that this is one of the few things that I see. Most of my system logs are full of ONLY worm attacks. I don't even get that many newbie vuln scans. I get about 10 of them a YEAR! My company is Fortune 500 and this is all I get. I guess I should count my blessings but it does beg the question of "where is the REAL Inet fear?" I've seen a lot of postings to this group about attacks, however, most of them are pretty basic and there's not that many of them. I hate to nullify the security vendor's fear tactics but I don't see that much on a day to day basis. Am I alone? -----Original Message----- From: Chip McClure [mailto:vhm3 () hades dnsalias net] Sent: Monday, November 12, 2001 4:55 PM To: reilly () speakeasy net Cc: incidents () securityfocus com Subject: Re: Nimda Infections -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No, you're not alone. I'm on the 24.x subnet, and I still get a ton of them banging away on my BSD box. On some of the class C's that I admin, I have seen a decrease, substantial, but not dramtic, on some of the 206.x & 216.x subnets. It's really frustrating, and aggrivating, to watch the amount of hist coming in, over & over from the same group of clients. I've been tempted to send the list to my ISP, but have held my patience for now. A lot of what I've read, is total ignorance on the users part - most don't even know that they're running a web server. I know, it is ignorance, but they should have some common sense, or mild technical abilities to see what is going on in their machine. Chip - ----- Chip McClure Sr. Unix Administrator GigGuardian, Inc. http://www.gigguardian.com/ - ----- On Mon, 12 Nov 2001 reilly () speakeasy net wrote:
It's amazing to me when I see the amount of systems still infected with
Nimda. In today's logs I see a huge amount of systems in the ATT network that are still banging away. I can't even give you the amount of systems that I'm seeing from China. What is so difficult about patching your system against the .hta, .htq vuln. I don't mean to go off on a rant but am I the only one that feels this way? Is everyone else seeing the same activity?
AT&T 12.101.62.4 12.102.47.51 12.103.156.10 12.103.159.94 12.64.128.3 12.64.134.199 12.72.139.96 12.73.5.135 12.74.161.194 12.75.41.165 12.77.146.214 12.77.148.241 12.77.151.250 12.78.144.115 12.81.109.130 12.81.120.25 12.81.163.216 12.81.2.240 12.83.81.182 12.83.83.74 12.84.96.198 12.87.145.155 12.88.161.248 12.88.173.180 12.89.165.130 12.91.118.157 12.98.144.18 12.99.178.250 12.99.179.10 12.99.28.7 12.99.94.158 --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBO/BvfIxq/3tb9j7EEQK7VACfUZTKKwLdP6zh/cwrYH6rxAbVvEIAoLaG woMnxi4PV60J+XwrhvOllDTD =lg18 -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda Infections reilly (Nov 12)
- <Possible follow-ups>
- RE: Nimda Infections Dial Joe (Nov 13)
- RE: Nimda Infections Jim Harrison (SPG) (Nov 13)
- RE: Nimda Infections Reilly (Nov 13)
- RE: Nimda Infections Ryan Russell (Nov 13)
- RE: Nimda Infections Reilly (Nov 13)
- RE: Nimda Infections Reilly (Nov 13)
- RE: Nimda Infections Reilly (Nov 13)
- RE: Nimda Infections Jim Howard (Nov 13)
- RE: Nimda Infections w1re p4ir (Nov 13)
- RE: Nimda Infections Neil Dickey (Nov 13)
- Nimda Infections and code red resurgence Russell Fulton (Nov 13)