Security Incidents mailing list archives
RE: Nimda Probes Stopped
From: Jonathan Rickman <jonathan () xcorps net>
Date: Tue, 18 Sep 2001 22:02:41 -0400 (EDT)
On Tue, 18 Sep 2001, Andrew Blevins wrote:
We are still seeing a large amount of probes on the west coast. As of 6:30 Eastern Time
Same here. 21:56 EST Seems to come in waves. Several hundred probes in less than a minute, then nothing for sometimes as long as 20 minutes. Seeing more "repeat offenders" now though. We must be getting close to saturation... One of the organizations I alerted was a public utility company who's billing cycle ends on the 20th. A quick scan of their logs for older user agents reveals that MANY of their customers probably we're infected while trying to pay their bills. They have quite a mess to clean up...both on the technical side, and the public relations side. -- Jonathan Rickman X Corps Security http://www.xcorps.net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda Probes Stopped Jason Giglio (Sep 18)
- Re: Nimda Probes Stopped Stuart Staniford (Sep 18)
- Nimda mostly infects /8-locally. Thomas Roessler (Sep 18)
- Re: Nimda mostly infects /8-locally. Bryan Andersen (Sep 18)
- <Possible follow-ups>
- RE: Nimda Probes Stopped Andrew Blevins (Sep 18)
- RE: Nimda Probes Stopped Jonathan Rickman (Sep 18)
- Re: Nimda Probes Stopped Stuart Staniford (Sep 18)
- RE: Nimda Probes Stopped Robert Nieuwhof (Sep 19)
- RE: Nimda Probes Stopped Jeff Peterson (Sep 19)