Security Incidents mailing list archives

RE: Yet Another Nimda Thread (YANT)

From: "Robert Nieuwhof" <RNieuwhof () nos com>
Date: Fri, 21 Sep 2001 10:02:15 -0700

Apparently you are alone in this. My IDS reports that scans continue from
the 64. Netblock, owned by Exodus.

Robert J. Nieuwhof, CNA, MCP
mailto:Rnieuwhof () nos com
Network Engineer
NOS Communications - Information Services

http://www.nos.com

Madness takes its toll. Please have exact change. 
The information contained in this correspondence is confidential and
intended for the use of the individual or entity named above. Unauthorized
distribution is prohibited. Any and all opinions expressed,  are the
opinions of the author of this e-mail, and in no way reflect or imply the
opinions of NOS Communications.


-----Original Message-----
From: Portnoy, Gary [mailto:gportnoy () belenosinc com]
Sent: Friday, September 21, 2001 9:47 AM
To: 'intrusions () incidents org'; 'incidents () securityfocus com'
Subject: Yet Another Nimda Thread (YANT)



I heard there were a few reports of Nimda going completely quiet in certain
netblocks, but none were substantiated.  I haven't seen a single Nimda IIS
exploit attempt since a little before 10 AM (EST).  I checked my IDS, apache
logs, IIS logs -- nothing.  Seems like it went silent.  Still seeing CodeRed
though. Can any one correlate?  I am somewhere in the 12.27 netblock :)

-Gary-

Gary Portnoy
Network Administrator
gportnoy () belenosinc com

PGP Fingerprint: 9D69 6A39 642D 78FD 207C  307D B37D E01A 2E89 9D2C


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com



[INFO] -- Virus Manager:
This email message and any attachments have been scanned for viruses and are
believed to be free of any virus.


This email, including any attached files, is confidential and is for the sole use of the individual or entity for whom 
it is intended.  This email represents the originators personal views and opinions, which do not necessarily reflect 
those of this Company.  If you are not the intended recipient of this email, be advised that you have received this 
email in error.  Any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited and may 
be subject to legal sanction.  If you have received this email in error, please immediately notify postmaster () 
sitehelp org .

This email and any attachments have been scanned for viruses and are believed to be free of any virus or defect that 
might affect any computer system into which it is received.  However, it is the responsibility of the recipient to 
ensure that it is virus free and no responsibility or liability is accepted by this Company for loss or damage arising 
from its use.





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Current thread:

Yet Another Nimda Thread (YANT) Portnoy, Gary (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Midnight Ryder (Sep 21)
- Re: Yet Another Nimda Thread (YANT) hvdkooij (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Bryan Andersen (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Tracey Losco (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Florian Weimer (Sep 21)
- <Possible follow-ups>
- RE: Yet Another Nimda Thread (YANT) Andrew Blevins (Sep 21)
  - RE: Yet Another Nimda Thread (YANT) Jose Nazario (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Mike Lewinski (Sep 21)
- RE: Yet Another Nimda Thread (YANT) Robert Nieuwhof (Sep 21)
- Re: Yet Another Nimda Thread (YANT) Bryan Andersen (Sep 23)