Security Incidents mailing list archives
RE: Nimda Infections
From: "w1re p4ir" <w1rep4ir () disinfo net>
Date: 13 Nov 2001 15:49:58 -0000
When nimda was first launched I could've sworn it _was_ getting rid of all these horribly infectious hosts. Working with a few clients, it appears that whenever it tftp outs it creates a TFTPXXXX (where the x's are incremental), around 50k files... Now, with each machine making hundreds of connection attempts a minute, this fills up. Besides some machines having bigger hard drives than others, why aren't these too knocked off the internet?

I remember watching the code red boxes I had logged (nearly 4000) just drop off the net one by one. It was quite amusing at first, but I'm still baffled as to why these other nimda infected machines aren't doing the same. Anyone know/care?

w1re