Security Incidents mailing list archives

RE: Nimda Probes Stopped

From: Jonathan Rickman <jonathan () xcorps net>
Date: Tue, 18 Sep 2001 22:02:41 -0400 (EDT)

On Tue, 18 Sep 2001, Andrew Blevins wrote:

We are still seeing a large amount of probes on the west coast. As of 6:30
Eastern Time


Same here. 21:56 EST Seems to come in waves. Several hundred probes in
less than a minute, then nothing for sometimes as long as 20 minutes.
Seeing more "repeat offenders" now though. We must be getting close to
saturation...

One of the organizations I alerted was a public utility company who's
billing cycle ends on the 20th. A quick scan of their logs for older user
agents reveals that MANY of their customers probably we're infected while
trying to pay their bills. They have quite a mess to clean up...both on
the technical side, and the public relations side.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Nimda Probes Stopped Jason Giglio (Sep 18)
- Re: Nimda Probes Stopped Stuart Staniford (Sep 18)
- Nimda mostly infects /8-locally. Thomas Roessler (Sep 18)
  - Re: Nimda mostly infects /8-locally. Bryan Andersen (Sep 18)
- <Possible follow-ups>
- RE: Nimda Probes Stopped Andrew Blevins (Sep 18)
  - RE: Nimda Probes Stopped Jonathan Rickman (Sep 18)
- Re: Nimda Probes Stopped Stuart Staniford (Sep 18)
- RE: Nimda Probes Stopped Robert Nieuwhof (Sep 19)
- RE: Nimda Probes Stopped Jeff Peterson (Sep 19)