Last Nimda attempt here was at 11:14 AM (CST), and prior to that was at 10:31 AM. Things have slowed down considerably here - my log file is 64k at the moment. Yesterday at this time it was about 200k, and the day before it was at about 600k. Huge difference. I'm hiding somewhere in the 208.34.xxx.xxx range. And, yep - I'm still seeing some CR background noise again (on the first day of Nimda, I didn't see any CR traffic after 8:08 AM, the first Nimda entry...) Davis Sickmon, From various companies... ----- Original Message ----- From: "Portnoy, Gary" <gportnoyat_private> To: <intrusionsat_private>; <incidentsat_private> Sent: Friday, September 21, 2001 11:46 AM Subject: Yet Another Nimda Thread (YANT) > > I heard there were a few reports of Nimda going completely quiet in certain > netblocks, but none were substantiated. I haven't seen a single Nimda IIS > exploit attempt since a little before 10 AM (EST). I checked my IDS, apache > logs, IIS logs -- nothing. Seems like it went silent. Still seeing CodeRed > though. Can any one correlate? I am somewhere in the 12.27 netblock :) > > -Gary- > > Gary Portnoy > Network Administrator > gportnoyat_private > > PGP Fingerprint: 9D69 6A39 642D 78FD 207C 307D B37D E01A 2E89 9D2C > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 10:35:31 PDT