Security Incidents mailing list archives
Re: Yet Another Nimda Thread (YANT)
From: hvdkooij () vanderkooij org
Date: Fri, 21 Sep 2001 19:30:36 +0200 (CEST)
On Fri, 21 Sep 2001, Portnoy, Gary wrote:
I heard there were a few reports of Nimda going completely quiet in certain netblocks, but none were substantiated. I haven't seen a single Nimda IIS exploit attempt since a little before 10 AM (EST). I checked my IDS, apache logs, IIS logs -- nothing. Seems like it went silent. Still seeing CodeRed though. Can any one correlate? I am somewhere in the 12.27 netblock :)
Could be something else. Last hit I got was at 19:07 CET (17:07 UTC) and the rubble goes on as ever. (Every 3 hours I drop a report for CodeRed and for nimda on my server so anyone wanting to have a clue can have a glance at it. Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Yet Another Nimda Thread (YANT) Portnoy, Gary (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Midnight Ryder (Sep 21)
- Re: Yet Another Nimda Thread (YANT) hvdkooij (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Bryan Andersen (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Tracey Losco (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Florian Weimer (Sep 21)
- <Possible follow-ups>
- RE: Yet Another Nimda Thread (YANT) Andrew Blevins (Sep 21)
- RE: Yet Another Nimda Thread (YANT) Jose Nazario (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Mike Lewinski (Sep 21)
- RE: Yet Another Nimda Thread (YANT) Robert Nieuwhof (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Bryan Andersen (Sep 23)