Security Incidents mailing list archives

Re: Yet Another Nimda Thread (YANT)


From: "Midnight Ryder" <midryder () midnightryder com>
Date: Fri, 21 Sep 2001 12:23:32 -0500

Last Nimda attempt here was at 11:14 AM (CST), and prior to that was at
10:31 AM.  Things have slowed down considerably here - my log file is 64k at
the moment.  Yesterday at this time it was about 200k, and the day before it
was at about 600k.  Huge difference.  I'm hiding somewhere in the
208.34.xxx.xxx range.  And, yep - I'm still seeing some CR background noise
again (on the first day of Nimda, I didn't see any CR traffic after 8:08 AM,
the first Nimda entry...)

Davis Sickmon,
From various companies...

----- Original Message -----
From: "Portnoy, Gary" <gportnoy () belenosinc com>
To: <intrusions () incidents org>; <incidents () securityfocus com>
Sent: Friday, September 21, 2001 11:46 AM
Subject: Yet Another Nimda Thread (YANT)



I heard there were a few reports of Nimda going completely quiet in certain
netblocks, but none were substantiated.  I haven't seen a single Nimda IIS
exploit attempt since a little before 10 AM (EST).  I checked my IDS, apache
logs, IIS logs -- nothing.  Seems like it went silent.  Still seeing CodeRed
though. Can anyone correlate?  I am somewhere in the 12.27 netblock :)

-Gary-

Gary Portnoy
Network Administrator
gportnoy () belenosinc com

PGP Fingerprint: 9D69 6A39 642D 78FD 207C  307D B37D E01A 2E89 9D2C




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

