Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Tracking down the still infected hosts

From: "Martinez, Simon" <SiMartinez () FDIC gov>
Date: Mon, 24 Sep 2001 12:14:18 -0400
Try, Dshield.org

http://dshield.org/nimda.html


 -----Original Message-----
From:   Darren Windham [mailto:dwindham () camozzi-usa com] 
Sent:   Monday, September 24, 2001 11:57 AM
To:     incidents () securityfocus com
Subject:        Tracking down the still infected hosts

As things have slowed down here I have been combing thru IIS logs for
all the scans from Nimda infected hosts and trying to contact the
owner/provider.  Is there a website where we can post/send logs and
start a list.  It looks as though it may be a long time before all the
infected hosts are clean.  Several of the ones I have found are in
schools, public libraries, etc so getting the those boxes taken care of
won't likely be an easy task.  Anyone else doing anything to help this?

Darren Windham
Information Systems Manager
Camozzi Pneumatics, Inc.
E-mail: dwindham () camozzi-usa com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: