Apparently you are alone in this. My IDS reports that scans continue from the 64. Netblock, owned by Exodus. Robert J. Nieuwhof, CNA, MCP mailto:Rnieuwhofat_private Network Engineer NOS Communications - Information Services http://www.nos.com Madness takes its toll. Please have exact change. The information contained in this correspondence is confidential and intended for the use of the individual or entity named above. Unauthorized distribution is prohibited. Any and all opinions expressed, are the opinions of the author of this e-mail, and in no way reflect or imply the opinions of NOS Communications. -----Original Message----- From: Portnoy, Gary [mailto:gportnoyat_private] Sent: Friday, September 21, 2001 9:47 AM To: 'intrusionsat_private'; 'incidentsat_private' Subject: Yet Another Nimda Thread (YANT) I heard there were a few reports of Nimda going completely quiet in certain netblocks, but none were substantiated. I haven't seen a single Nimda IIS exploit attempt since a little before 10 AM (EST). I checked my IDS, apache logs, IIS logs -- nothing. Seems like it went silent. Still seeing CodeRed though. Can any one correlate? I am somewhere in the 12.27 netblock :) -Gary- Gary Portnoy Network Administrator gportnoyat_private PGP Fingerprint: 9D69 6A39 642D 78FD 207C 307D B37D E01A 2E89 9D2C ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com [INFO] -- Virus Manager: This email message and any attachments have been scanned for viruses and are believed to be free of any virus. This email, including any attached files, is confidential and is for the sole use of the individual or entity for whom it is intended. This email represents the originator’s personal views and opinions, which do not necessarily reflect those of this Company. If you are not the intended recipient of this email, be advised that you have received this email in error. Any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited and may be subject to legal sanction. If you have received this email in error, please immediately notify postmasterat_private . This email and any attachments have been scanned for viruses and are believed to be free of any virus or defect that might affect any computer system into which it is received. However, it is the responsibility of the recipient to ensure that it is virus free and no responsibility or liability is accepted by this Company for loss or damage arising from its use. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 10:51:22 PDT