Security Incidents mailing list archives
Re: Yet Another Nimda Thread (YANT)
From: Bryan Andersen <bryan () visi com>
Date: Fri, 21 Sep 2001 13:15:13 -0500
"Portnoy, Gary" wrote:
I heard there were a few reports of Nimda going completely quiet in certain netblocks, but none were substantiated. I haven't seen a single Nimda IIS exploit attempt since a little before 10 AM (EST). I checked my IDS, apache logs, IIS logs -- nothing. Seems like it went silent. Still seeing CodeRed though. Can any one correlate? I am somewhere in the 12.27 netblock :)
I wish I could say things have gone all quiet, but I've seen 20 scans sofar today. 2 in the past hour. Looks like I have three to forward to my ISP. Times are (-500) dd/mmm/yyyy:hh CodeRed Nimda -------------- -------------------- --------------------- 21/Sep/2001:00 /16 0 /8 0 /0 0 /16 0 /8 4 /0 4 21/Sep/2001:01 /16 0 /8 0 /0 1 /16 0 /8 4 /0 4 21/Sep/2001:02 /16 0 /8 0 /0 0 /16 0 /8 4 /0 4 21/Sep/2001:03 /16 0 /8 0 /0 0 /16 0 /8 2 /0 2 21/Sep/2001:04 /16 0 /8 0 /0 1 /16 0 /8 1 /0 1 21/Sep/2001:05 /16 0 /8 0 /0 0 /16 0 /8 0 /0 0 21/Sep/2001:06 /16 0 /8 0 /0 1 /16 0 /8 0 /0 0 21/Sep/2001:07 /16 0 /8 0 /0 0 /16 0 /8 0 /0 0 21/Sep/2001:08 /16 0 /8 0 /0 0 /16 0 /8 0 /0 0 21/Sep/2001:09 /16 0 /8 0 /0 1 /16 0 /8 0 /0 0 21/Sep/2001:10 /16 0 /8 0 /0 0 /16 1 /8 1 /0 2 21/Sep/2001:11 /16 1 /8 1 /0 1 /16 0 /8 1 /0 1 21/Sep/2001:12 /16 1 /8 1 /0 1 /16 2 /8 2 /0 2 18/Sep/2001:08 /16 0 /8 0 /0 0 /16 8 /8 15 /0 15 18/Sep/2001:09 /16 0 /8 0 /0 0 /16 12 /8 17 /0 18 18/Sep/2001:10 /16 0 /8 1 /0 1 /16 16 /8 18 /0 18 18/Sep/2001:11 /16 0 /8 0 /0 0 /16 17 /8 25 /0 25 18/Sep/2001:12 /16 0 /8 0 /0 2 /16 15 /8 27 /0 27 18/Sep/2001:13 /16 0 /8 0 /0 0 /16 11 /8 20 /0 20 18/Sep/2001:14 /16 0 /8 2 /0 2 /16 6 /8 13 /0 13 18/Sep/2001:15 /16 0 /8 2 /0 2 /16 3 /8 11 /0 11 18/Sep/2001:16 /16 0 /8 0 /0 0 /16 3 /8 11 /0 11 18/Sep/2001:17 /16 0 /8 2 /0 2 /16 8 /8 18 /0 18 18/Sep/2001:18 /16 0 /8 3 /0 3 /16 9 /8 20 /0 21 18/Sep/2001:19 /16 0 /8 0 /0 0 /16 6 /8 23 /0 23 18/Sep/2001:20 /16 0 /8 0 /0 1 /16 3 /8 15 /0 15 18/Sep/2001:21 /16 0 /8 0 /0 0 /16 8 /8 20 /0 21 18/Sep/2001:22 /16 0 /8 0 /0 1 /16 9 /8 20 /0 21 18/Sep/2001:23 /16 0 /8 1 /0 1 /16 8 /8 19 /0 19 19/Sep/2001:00 /16 0 /8 0 /0 1 /16 8 /8 11 /0 11 19/Sep/2001:01 /16 0 /8 1 /0 1 /16 14 /8 26 /0 26 19/Sep/2001:02 /16 0 /8 0 /0 0 /16 14 /8 28 /0 30 19/Sep/2001:03 /16 0 /8 1 /0 1 /16 3 /8 12 /0 12 19/Sep/2001:04 /16 0 /8 1 /0 1 /16 10 /8 14 /0 14 19/Sep/2001:05 /16 0 /8 0 /0 0 /16 10 /8 15 /0 15 19/Sep/2001:06 /16 0 /8 1 /0 1 /16 11 /8 16 /0 16 19/Sep/2001:07 /16 0 /8 0 /0 1 /16 9 /8 14 /0 14 19/Sep/2001:08 /16 0 /8 0 /0 0 /16 10 /8 16 /0 17 19/Sep/2001:09 /16 0 /8 0 /0 0 /16 4 /8 6 /0 7 19/Sep/2001:10 /16 0 /8 0 /0 0 /16 1 /8 2 /0 2 19/Sep/2001:11 /16 0 /8 1 /0 1 /16 3 /8 5 /0 6 19/Sep/2001:12 /16 0 /8 0 /0 0 /16 2 /8 4 /0 4 19/Sep/2001:13 /16 0 /8 0 /0 0 /16 7 /8 10 /0 10 19/Sep/2001:14 /16 0 /8 0 /0 0 /16 2 /8 13 /0 13 19/Sep/2001:15 /16 0 /8 0 /0 0 /16 2 /8 12 /0 12 19/Sep/2001:16 /16 0 /8 1 /0 1 /16 5 /8 9 /0 9 19/Sep/2001:17 /16 0 /8 0 /0 1 /16 7 /8 12 /0 12 19/Sep/2001:18 /16 0 /8 0 /0 1 /16 3 /8 7 /0 7 19/Sep/2001:19 /16 0 /8 0 /0 0 /16 3 /8 5 /0 6 19/Sep/2001:20 /16 0 /8 0 /0 0 /16 5 /8 7 /0 7 19/Sep/2001:21 /16 0 /8 0 /0 0 /16 1 /8 8 /0 8 19/Sep/2001:22 /16 0 /8 0 /0 0 /16 1 /8 9 /0 10 19/Sep/2001:23 /16 0 /8 0 /0 0 /16 1 /8 8 /0 8 20/Sep/2001:00 /16 0 /8 1 /0 2 /16 2 /8 4 /0 4 20/Sep/2001:01 /16 0 /8 0 /0 0 /16 6 /8 9 /0 9 20/Sep/2001:02 /16 0 /8 0 /0 0 /16 2 /8 2 /0 2 20/Sep/2001:03 /16 0 /8 0 /0 0 /16 0 /8 6 /0 6 20/Sep/2001:04 /16 0 /8 0 /0 1 /16 2 /8 3 /0 3 20/Sep/2001:05 /16 0 /8 0 /0 0 /16 1 /8 2 /0 2 20/Sep/2001:06 /16 0 /8 0 /0 1 /16 1 /8 2 /0 2 20/Sep/2001:07 /16 0 /8 0 /0 0 /16 0 /8 1 /0 1 20/Sep/2001:08 /16 0 /8 0 /0 1 /16 1 /8 3 /0 4 20/Sep/2001:09 /16 0 /8 1 /0 1 /16 0 /8 4 /0 4 20/Sep/2001:10 /16 0 /8 0 /0 0 /16 0 /8 1 /0 1 20/Sep/2001:11 /16 0 /8 0 /0 0 /16 0 /8 2 /0 2 20/Sep/2001:12 /16 0 /8 0 /0 0 /16 0 /8 3 /0 3 20/Sep/2001:13 /16 0 /8 0 /0 0 /16 0 /8 2 /0 2 20/Sep/2001:14 /16 0 /8 0 /0 0 /16 0 /8 2 /0 2 20/Sep/2001:15 /16 0 /8 2 /0 2 /16 0 /8 4 /0 4 20/Sep/2001:16 /16 0 /8 0 /0 0 /16 0 /8 2 /0 4 20/Sep/2001:17 /16 0 /8 0 /0 0 /16 0 /8 3 /0 3 20/Sep/2001:18 /16 0 /8 2 /0 2 /16 0 /8 2 /0 2 20/Sep/2001:19 /16 0 /8 1 /0 1 /16 0 /8 2 /0 3 20/Sep/2001:20 /16 0 /8 0 /0 0 /16 0 /8 1 /0 1 20/Sep/2001:21 /16 0 /8 0 /0 0 /16 0 /8 1 /0 1 20/Sep/2001:22 /16 0 /8 0 /0 0 /16 0 /8 7 /0 7 20/Sep/2001:23 /16 0 /8 1 /0 1 /16 0 /8 2 /0 2 -- | Bryan Andersen | bryan () visi com | http://www.nerdvest.com | | Buzzwords are like annoying little flies that deserve to be swatted. | | -Bryan Andersen | ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Yet Another Nimda Thread (YANT) Portnoy, Gary (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Midnight Ryder (Sep 21)
- Re: Yet Another Nimda Thread (YANT) hvdkooij (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Bryan Andersen (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Tracey Losco (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Florian Weimer (Sep 21)
- <Possible follow-ups>
- RE: Yet Another Nimda Thread (YANT) Andrew Blevins (Sep 21)
- RE: Yet Another Nimda Thread (YANT) Jose Nazario (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Mike Lewinski (Sep 21)
- RE: Yet Another Nimda Thread (YANT) Robert Nieuwhof (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Bryan Andersen (Sep 23)