Security Incidents mailing list archives
Re: Tracking down the still infected hosts
From: Skip Carter <skip () taygeta com>
Date: Tue, 25 Sep 2001 12:54:11 -0700
According to Ryan Russell (who's been analyzing the worm code), Nimda doesn't honor redirects - it just checks the response it gets from a Web server to determine whether or not the server is vulnerable. It doesn't follow redirects. So what does this actually accomplish? Isn't it possible that the Nimda traffic is going down because of the decaying growth curve of propagation? Or am I just missing something?
On my network, it certainly is the case that Nimda traffic is dropping off, here is what I have seen in the last week: date incidents 09/18 2996 09/19 2014 09/20 1136 09/21 165 09/22 382 09/23 371 09/24 147 -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skip () taygeta com 1340 Munras Ave., Suite 314 UUCP: ...!uunet!taygeta!skip Monterey, CA. 93940 WWW: http://www.taygeta.com/skip.html ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Tracking down the still infected hosts Darren Windham (Sep 24)
- Re: Tracking down the still infected hosts Mike Lewinski (Sep 24)
- <Possible follow-ups>
- RE: Tracking down the still infected hosts Martinez, Simon (Sep 24)
- RE: Tracking down the still infected hosts Fulton L. Preston Jr. (Sep 24)
- RE: Tracking down the still infected hosts Ryan McDonnell (Sep 25)
- Re: Tracking down the still infected hosts Kyle R. Hofmann (Sep 25)
- Re: Tracking down the still infected hosts Tina Bird (Sep 25)
- Re: Tracking down the still infected hosts Skip Carter (Sep 25)
- Re: Tracking down the still infected hosts Kyle R. Hofmann (Sep 25)
- Re: Tracking down the still infected hosts Dale Lancaster (Sep 25)
- Re: Tracking down the still infected hosts Duncan Hill (Sep 25)
- Re: Tracking down the still infected hosts Josh Burroughs (Sep 25)
- Message not available
- Re: Tracking down the still infected hosts Nicole Haywood (Sep 25)
- Re: Tracking down the still infected hosts Ryan Russell (Sep 25)