On Fri, 21 Sep 2001, Portnoy, Gary wrote: > I heard there were a few reports of Nimda going completely quiet in certain > netblocks, but none were substantiated. I haven't seen a single Nimda IIS > exploit attempt since a little before 10 AM (EST). I checked my IDS, apache > logs, IIS logs -- nothing. Seems like it went silent. Still seeing CodeRed > though. Can any one correlate? I am somewhere in the 12.27 netblock :) Could be something else. Last hit I got was at 19:07 CET (17:07 UTC) and the rubble goes on as ever. (Every 3 hours I drop a report for CodeRed and for nimda on my server so anyone wanting to have a clue can have a glance at it. Hugo. -- All email send to me is bound to the rules described on my homepage. hvdkooijat_private http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 10:52:59 PDT