Re: Yet Another Nimda Thread (YANT)

From: Bryan Andersen (bryanat_private)
Date: Fri Sep 21 2001 - 11:15:13 PDT


    "Portnoy, Gary" wrote:
    > 
    > I heard there were a few reports of Nimda going completely quiet in certain
    > netblocks, but none were substantiated.  I haven't seen a single Nimda IIS
    > exploit attempt since a little before 10 AM (EST).  I checked my IDS, apache
    > logs, IIS logs -- nothing.  Seems like it went silent.  Still seeing CodeRed
    > though. Can anyone correlate?  I am somewhere in the 12.27 netblock :)
    
    I wish I could say things have gone all quiet, but I've 
    seen 20 scans so far today.  2 in the past hour.  Looks
    like I have three to forward to my ISP.  Times are (-500)
    
    dd/mmm/yyyy:hh  CodeRed                 Nimda
    --------------  --------------------    ---------------------
    21/Sep/2001:00  /16 0   /8 0    /0 0    /16 0   /8 4    /0 4
    21/Sep/2001:01  /16 0   /8 0    /0 1    /16 0   /8 4    /0 4
    21/Sep/2001:02  /16 0   /8 0    /0 0    /16 0   /8 4    /0 4
    21/Sep/2001:03  /16 0   /8 0    /0 0    /16 0   /8 2    /0 2
    21/Sep/2001:04  /16 0   /8 0    /0 1    /16 0   /8 1    /0 1
    21/Sep/2001:05  /16 0   /8 0    /0 0    /16 0   /8 0    /0 0
    21/Sep/2001:06  /16 0   /8 0    /0 1    /16 0   /8 0    /0 0
    21/Sep/2001:07  /16 0   /8 0    /0 0    /16 0   /8 0    /0 0
    21/Sep/2001:08  /16 0   /8 0    /0 0    /16 0   /8 0    /0 0
    21/Sep/2001:09  /16 0   /8 0    /0 1    /16 0   /8 0    /0 0
    21/Sep/2001:10  /16 0   /8 0    /0 0    /16 1   /8 1    /0 2
    21/Sep/2001:11  /16 1   /8 1    /0 1    /16 0   /8 1    /0 1
    21/Sep/2001:12  /16 1   /8 1    /0 1    /16 2   /8 2    /0 2
    
    18/Sep/2001:08  /16 0   /8 0    /0 0    /16 8   /8 15   /0 15
    18/Sep/2001:09  /16 0   /8 0    /0 0    /16 12  /8 17   /0 18
    18/Sep/2001:10  /16 0   /8 1    /0 1    /16 16  /8 18   /0 18
    18/Sep/2001:11  /16 0   /8 0    /0 0    /16 17  /8 25   /0 25
    18/Sep/2001:12  /16 0   /8 0    /0 2    /16 15  /8 27   /0 27
    18/Sep/2001:13  /16 0   /8 0    /0 0    /16 11  /8 20   /0 20
    18/Sep/2001:14  /16 0   /8 2    /0 2    /16 6   /8 13   /0 13
    18/Sep/2001:15  /16 0   /8 2    /0 2    /16 3   /8 11   /0 11
    18/Sep/2001:16  /16 0   /8 0    /0 0    /16 3   /8 11   /0 11
    18/Sep/2001:17  /16 0   /8 2    /0 2    /16 8   /8 18   /0 18
    18/Sep/2001:18  /16 0   /8 3    /0 3    /16 9   /8 20   /0 21
    18/Sep/2001:19  /16 0   /8 0    /0 0    /16 6   /8 23   /0 23
    18/Sep/2001:20  /16 0   /8 0    /0 1    /16 3   /8 15   /0 15
    18/Sep/2001:21  /16 0   /8 0    /0 0    /16 8   /8 20   /0 21
    18/Sep/2001:22  /16 0   /8 0    /0 1    /16 9   /8 20   /0 21
    18/Sep/2001:23  /16 0   /8 1    /0 1    /16 8   /8 19   /0 19
    19/Sep/2001:00  /16 0   /8 0    /0 1    /16 8   /8 11   /0 11
    19/Sep/2001:01  /16 0   /8 1    /0 1    /16 14  /8 26   /0 26
    19/Sep/2001:02  /16 0   /8 0    /0 0    /16 14  /8 28   /0 30
    19/Sep/2001:03  /16 0   /8 1    /0 1    /16 3   /8 12   /0 12
    19/Sep/2001:04  /16 0   /8 1    /0 1    /16 10  /8 14   /0 14
    19/Sep/2001:05  /16 0   /8 0    /0 0    /16 10  /8 15   /0 15
    19/Sep/2001:06  /16 0   /8 1    /0 1    /16 11  /8 16   /0 16
    19/Sep/2001:07  /16 0   /8 0    /0 1    /16 9   /8 14   /0 14
    19/Sep/2001:08  /16 0   /8 0    /0 0    /16 10  /8 16   /0 17
    19/Sep/2001:09  /16 0   /8 0    /0 0    /16 4   /8 6    /0 7
    19/Sep/2001:10  /16 0   /8 0    /0 0    /16 1   /8 2    /0 2
    19/Sep/2001:11  /16 0   /8 1    /0 1    /16 3   /8 5    /0 6
    19/Sep/2001:12  /16 0   /8 0    /0 0    /16 2   /8 4    /0 4
    19/Sep/2001:13  /16 0   /8 0    /0 0    /16 7   /8 10   /0 10
    19/Sep/2001:14  /16 0   /8 0    /0 0    /16 2   /8 13   /0 13
    19/Sep/2001:15  /16 0   /8 0    /0 0    /16 2   /8 12   /0 12
    19/Sep/2001:16  /16 0   /8 1    /0 1    /16 5   /8 9    /0 9
    19/Sep/2001:17  /16 0   /8 0    /0 1    /16 7   /8 12   /0 12
    19/Sep/2001:18  /16 0   /8 0    /0 1    /16 3   /8 7    /0 7
    19/Sep/2001:19  /16 0   /8 0    /0 0    /16 3   /8 5    /0 6
    19/Sep/2001:20  /16 0   /8 0    /0 0    /16 5   /8 7    /0 7
    19/Sep/2001:21  /16 0   /8 0    /0 0    /16 1   /8 8    /0 8
    19/Sep/2001:22  /16 0   /8 0    /0 0    /16 1   /8 9    /0 10
    19/Sep/2001:23  /16 0   /8 0    /0 0    /16 1   /8 8    /0 8
    20/Sep/2001:00  /16 0   /8 1    /0 2    /16 2   /8 4    /0 4
    20/Sep/2001:01  /16 0   /8 0    /0 0    /16 6   /8 9    /0 9
    20/Sep/2001:02  /16 0   /8 0    /0 0    /16 2   /8 2    /0 2
    20/Sep/2001:03  /16 0   /8 0    /0 0    /16 0   /8 6    /0 6
    20/Sep/2001:04  /16 0   /8 0    /0 1    /16 2   /8 3    /0 3
    20/Sep/2001:05  /16 0   /8 0    /0 0    /16 1   /8 2    /0 2
    20/Sep/2001:06  /16 0   /8 0    /0 1    /16 1   /8 2    /0 2
    20/Sep/2001:07  /16 0   /8 0    /0 0    /16 0   /8 1    /0 1
    20/Sep/2001:08  /16 0   /8 0    /0 1    /16 1   /8 3    /0 4
    20/Sep/2001:09  /16 0   /8 1    /0 1    /16 0   /8 4    /0 4
    20/Sep/2001:10  /16 0   /8 0    /0 0    /16 0   /8 1    /0 1
    20/Sep/2001:11  /16 0   /8 0    /0 0    /16 0   /8 2    /0 2
    20/Sep/2001:12  /16 0   /8 0    /0 0    /16 0   /8 3    /0 3
    20/Sep/2001:13  /16 0   /8 0    /0 0    /16 0   /8 2    /0 2
    20/Sep/2001:14  /16 0   /8 0    /0 0    /16 0   /8 2    /0 2
    20/Sep/2001:15  /16 0   /8 2    /0 2    /16 0   /8 4    /0 4
    20/Sep/2001:16  /16 0   /8 0    /0 0    /16 0   /8 2    /0 4
    20/Sep/2001:17  /16 0   /8 0    /0 0    /16 0   /8 3    /0 3
    20/Sep/2001:18  /16 0   /8 2    /0 2    /16 0   /8 2    /0 2
    20/Sep/2001:19  /16 0   /8 1    /0 1    /16 0   /8 2    /0 3
    20/Sep/2001:20  /16 0   /8 0    /0 0    /16 0   /8 1    /0 1
    20/Sep/2001:21  /16 0   /8 0    /0 0    /16 0   /8 1    /0 1
    20/Sep/2001:22  /16 0   /8 0    /0 0    /16 0   /8 7    /0 7
    20/Sep/2001:23  /16 0   /8 1    /0 1    /16 0   /8 2    /0 2
    
    -- 
    |  Bryan Andersen   |   bryanat_private   |   http://www.nerdvest.com   |
    | Buzzwords are like annoying little flies that deserve to be swatted. |
    |   -Bryan Andersen                                                    |
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
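
Added example, not part of the original post and not the author's script: one way to produce an hourly table like the one above from an Apache access log. It assumes the /16, /8 and /0 columns count probes whose source address shares that many leading bits with the logging host, and the request-path patterns, `my_ip` and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed request signatures (not taken from the post); a cmd.exe/root.exe
# probe may also come from other scanners, so treat the label as a heuristic.
CODERED = re.compile(r"/default\.ida\?", re.I)
NIMDA = re.compile(r"(cmd\.exe|root\.exe)", re.I)
# Common log format: host ident user [dd/Mon/yyyy:hh:mm:ss zone] "request" ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}):[^\]]*\] "([^"]*)"')
WORMS = ("CodeRed", "Nimda")
PREFIXES = (16, 8, 0)

def classify(request):
    if CODERED.search(request):
        return "CodeRed"
    return "Nimda" if NIMDA.search(request) else None

def tally(lines, my_ip):
    """Return {hour: {worm: {prefix: count}}}; counts are cumulative, /0 = all."""
    nets = {p: ipaddress.ip_network(f"{my_ip}/{p}", strict=False) for p in PREFIXES}
    table = defaultdict(lambda: {w: dict.fromkeys(PREFIXES, 0) for w in WORMS})
    for line in lines:
        m = LINE.match(line)
        worm = classify(m.group(3)) if m else None
        if worm is None:
            continue  # malformed line or ordinary request
        try:
            src = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # logged hostname or non-IPv4 client
        for p, net in nets.items():
            if src in net:
                table[m.group(2)][worm][p] += 1
    return table

def format_row(hour, counts):
    cols = [f"/{p} {counts[w][p]}" for w in WORMS for p in PREFIXES]
    return hour + "  " + "\t".join(cols)

SAMPLE = [  # constructed log lines, not from the post
    '10.1.9.9 - - [18/Sep/2001:09:12:01 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '10.200.1.1 - - [18/Sep/2001:09:40:10 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    '192.0.2.7 - - [18/Sep/2001:09:59:59 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 270',
    '192.0.2.8 - - [18/Sep/2001:10:00:03 -0500] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for hour, counts in sorted(tally(SAMPLE, "10.1.2.3").items()):
        print(format_row(hour, counts))
```
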
    



    This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 11:19:19 PDT