RE: Nimda Probes Stopped

[Jeff Peterson <jpeterson () btiis net>]

Here is a breakdown of port 80 probes to a machine I keep on a live IP
address with no protection.  I have BlackIce keeping tabs on it.  These
numbers are for 09/18/01, and are in Pacific time.

00:00-01:59             6
01:00-01:59             6
02:00-02:59             3
03:00-03:59             0
04:00-04:59             3
05:00-05:59             0
06:00-06:59             26
07:00-07:59             86
08:00-08:59             27
09:00-09:59             25
10:00-10:59             36
11:00-11:59             44
12:00-12:59             97
13:00-13:59             19
14:00-14:59             76
15:00-15:59             144
16:00-16:59             96
17:00-17:59             2
18:00-18:59             29
19:00-19:59             12
20:00-20:59             64
21:00-21:59             1
22:00-22:59             76
23:00-23:59             109

-----Original Message-----
From: Jason Giglio [mailto:jgiglio () smythco com]
Sent: Tuesday, September 18, 2001 11:49 AM
To: incidents () securityfocus com
Subject: Nimda Probes Stopped


Apparently the probes have stopped as quickly as they began, here at least,
around 2:30 Eastern time.


internettrafficreport.com is showing some recovery also.


Is this phase over now?  Makes one wonder what's next...
--
Jason Giglio
Information Technology Coordinator, Smyth Companies, Bedford VA
Phone: 540-586-2311x113
e-mail: jgiglio () smythco com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com