On Fri, 21 Sep 2001, Portnoy, Gary wrote:
> I heard there were a few reports of Nimda going completely quiet in certain
> netblocks, but none were substantiated. I haven't seen a single Nimda IIS
> exploit attempt since a little before 10 AM (EST). I checked my IDS, apache
> logs, IIS logs -- nothing. Seems like it went silent. Still seeing CodeRed
> though. Can any one correlate? I am somewhere in the 12.27 netblock :)
Could be something else. Last hit I got was at 19:07 CET (17:07 UTC) and
the rubble goes on as ever. (Every 3 hours I drop a report for CodeRed and
for nimda on my server so anyone wanting to have a clue can have a glance
at it.
Hugo.
--
All email send to me is bound to the rules described on my homepage.
hvdkooijat_private http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 10:52:59 PDT