Security Incidents mailing list archives
Re: NIMDA has a built in timer? No hits lately
From: Paul Gear <paulgear () bigfoot com>
Date: Wed, 19 Sep 2001 09:13:17 +1000
David Kennedy CISSP wrote:
-----BEGIN PGP SIGNED MESSAGE----- I started getting hit @ 13:09:55 UTC this morning. My sensor have not been touched since 19:15:10 UTC this afternoon. Hypothesis: It's exhausted the IP space that would touch my IP's or it's turned itself off (if so will it turn itself on tomorrow ~1300 UTC?)
Well, it's still going for it here in Australia at 23:00 UTC on 2001-09-18.
Looking at the Internet Weather Report and the Internet Health Report, the net-performance hit seems to be easing.
No sign of performance improving here. I visited the URL of the previously-noted defaced site in Iran around 10 minutes ago, and the 77 Kb readme.eml that it wants to download is only 9% complete. (I'm on 256 Kbps cable, but maybe it's more an indication that their links are flooded.) Paul ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- NIMDA has a built in timer? No hits lately David Kennedy CISSP (Sep 18)
- Re: NIMDA has a built in timer? No hits lately Sevo Stille (Sep 18)
- Re: NIMDA has a built in timer? No hits lately Mike Baptiste (Sep 18)
- Re: NIMDA has a built in timer? No hits lately Paul Gear (Sep 18)
- Re: NIMDA has a built in timer? No hits lately Sevo Stille (Sep 18)