"Portnoy, Gary" wrote: > > I heard there were a few reports of Nimda going completely quiet in certain > netblocks, but none were substantiated. I haven't seen a single Nimda IIS > exploit attempt since a little before 10 AM (EST). I checked my IDS, apache > logs, IIS logs -- nothing. Seems like it went silent. Still seeing CodeRed > though. Can any one correlate? I am somewhere in the 12.27 netblock :) I wish I could say things have gone all quiet, but I've seen 20 scans sofar today. 2 in the past hour. Looks like I have three to forward to my ISP. Times are (-500) dd/mmm/yyyy:hh CodeRed Nimda -------------- -------------------- --------------------- 21/Sep/2001:00 /16 0 /8 0 /0 0 /16 0 /8 4 /0 4 21/Sep/2001:01 /16 0 /8 0 /0 1 /16 0 /8 4 /0 4 21/Sep/2001:02 /16 0 /8 0 /0 0 /16 0 /8 4 /0 4 21/Sep/2001:03 /16 0 /8 0 /0 0 /16 0 /8 2 /0 2 21/Sep/2001:04 /16 0 /8 0 /0 1 /16 0 /8 1 /0 1 21/Sep/2001:05 /16 0 /8 0 /0 0 /16 0 /8 0 /0 0 21/Sep/2001:06 /16 0 /8 0 /0 1 /16 0 /8 0 /0 0 21/Sep/2001:07 /16 0 /8 0 /0 0 /16 0 /8 0 /0 0 21/Sep/2001:08 /16 0 /8 0 /0 0 /16 0 /8 0 /0 0 21/Sep/2001:09 /16 0 /8 0 /0 1 /16 0 /8 0 /0 0 21/Sep/2001:10 /16 0 /8 0 /0 0 /16 1 /8 1 /0 2 21/Sep/2001:11 /16 1 /8 1 /0 1 /16 0 /8 1 /0 1 21/Sep/2001:12 /16 1 /8 1 /0 1 /16 2 /8 2 /0 2 18/Sep/2001:08 /16 0 /8 0 /0 0 /16 8 /8 15 /0 15 18/Sep/2001:09 /16 0 /8 0 /0 0 /16 12 /8 17 /0 18 18/Sep/2001:10 /16 0 /8 1 /0 1 /16 16 /8 18 /0 18 18/Sep/2001:11 /16 0 /8 0 /0 0 /16 17 /8 25 /0 25 18/Sep/2001:12 /16 0 /8 0 /0 2 /16 15 /8 27 /0 27 18/Sep/2001:13 /16 0 /8 0 /0 0 /16 11 /8 20 /0 20 18/Sep/2001:14 /16 0 /8 2 /0 2 /16 6 /8 13 /0 13 18/Sep/2001:15 /16 0 /8 2 /0 2 /16 3 /8 11 /0 11 18/Sep/2001:16 /16 0 /8 0 /0 0 /16 3 /8 11 /0 11 18/Sep/2001:17 /16 0 /8 2 /0 2 /16 8 /8 18 /0 18 18/Sep/2001:18 /16 0 /8 3 /0 3 /16 9 /8 20 /0 21 18/Sep/2001:19 /16 0 /8 0 /0 0 /16 6 /8 23 /0 23 18/Sep/2001:20 /16 0 /8 0 /0 1 /16 3 /8 15 /0 15 18/Sep/2001:21 /16 0 /8 0 /0 0 /16 8 /8 20 /0 21 18/Sep/2001:22 /16 0 /8 0 /0 1 /16 9 /8 20 /0 21 18/Sep/2001:23 /16 0 /8 1 /0 1 /16 8 /8 19 /0 19 19/Sep/2001:00 /16 0 /8 0 /0 1 /16 8 /8 11 /0 11 19/Sep/2001:01 /16 0 /8 1 /0 1 /16 14 /8 26 /0 26 19/Sep/2001:02 /16 0 /8 0 /0 0 /16 14 /8 28 /0 30 19/Sep/2001:03 /16 0 /8 1 /0 1 /16 3 /8 12 /0 12 19/Sep/2001:04 /16 0 /8 1 /0 1 /16 10 /8 14 /0 14 19/Sep/2001:05 /16 0 /8 0 /0 0 /16 10 /8 15 /0 15 19/Sep/2001:06 /16 0 /8 1 /0 1 /16 11 /8 16 /0 16 19/Sep/2001:07 /16 0 /8 0 /0 1 /16 9 /8 14 /0 14 19/Sep/2001:08 /16 0 /8 0 /0 0 /16 10 /8 16 /0 17 19/Sep/2001:09 /16 0 /8 0 /0 0 /16 4 /8 6 /0 7 19/Sep/2001:10 /16 0 /8 0 /0 0 /16 1 /8 2 /0 2 19/Sep/2001:11 /16 0 /8 1 /0 1 /16 3 /8 5 /0 6 19/Sep/2001:12 /16 0 /8 0 /0 0 /16 2 /8 4 /0 4 19/Sep/2001:13 /16 0 /8 0 /0 0 /16 7 /8 10 /0 10 19/Sep/2001:14 /16 0 /8 0 /0 0 /16 2 /8 13 /0 13 19/Sep/2001:15 /16 0 /8 0 /0 0 /16 2 /8 12 /0 12 19/Sep/2001:16 /16 0 /8 1 /0 1 /16 5 /8 9 /0 9 19/Sep/2001:17 /16 0 /8 0 /0 1 /16 7 /8 12 /0 12 19/Sep/2001:18 /16 0 /8 0 /0 1 /16 3 /8 7 /0 7 19/Sep/2001:19 /16 0 /8 0 /0 0 /16 3 /8 5 /0 6 19/Sep/2001:20 /16 0 /8 0 /0 0 /16 5 /8 7 /0 7 19/Sep/2001:21 /16 0 /8 0 /0 0 /16 1 /8 8 /0 8 19/Sep/2001:22 /16 0 /8 0 /0 0 /16 1 /8 9 /0 10 19/Sep/2001:23 /16 0 /8 0 /0 0 /16 1 /8 8 /0 8 20/Sep/2001:00 /16 0 /8 1 /0 2 /16 2 /8 4 /0 4 20/Sep/2001:01 /16 0 /8 0 /0 0 /16 6 /8 9 /0 9 20/Sep/2001:02 /16 0 /8 0 /0 0 /16 2 /8 2 /0 2 20/Sep/2001:03 /16 0 /8 0 /0 0 /16 0 /8 6 /0 6 20/Sep/2001:04 /16 0 /8 0 /0 1 /16 2 /8 3 /0 3 20/Sep/2001:05 /16 0 /8 0 /0 0 /16 1 /8 2 /0 2 20/Sep/2001:06 /16 0 /8 0 /0 1 /16 1 /8 2 /0 2 20/Sep/2001:07 /16 0 /8 0 /0 0 /16 0 /8 1 /0 1 20/Sep/2001:08 /16 0 /8 0 /0 1 /16 1 /8 3 /0 4 20/Sep/2001:09 /16 0 /8 1 /0 1 /16 0 /8 4 /0 4 20/Sep/2001:10 /16 0 /8 0 /0 0 /16 0 /8 1 /0 1 20/Sep/2001:11 /16 0 /8 0 /0 0 /16 0 /8 2 /0 2 20/Sep/2001:12 /16 0 /8 0 /0 0 /16 0 /8 3 /0 3 20/Sep/2001:13 /16 0 /8 0 /0 0 /16 0 /8 2 /0 2 20/Sep/2001:14 /16 0 /8 0 /0 0 /16 0 /8 2 /0 2 20/Sep/2001:15 /16 0 /8 2 /0 2 /16 0 /8 4 /0 4 20/Sep/2001:16 /16 0 /8 0 /0 0 /16 0 /8 2 /0 4 20/Sep/2001:17 /16 0 /8 0 /0 0 /16 0 /8 3 /0 3 20/Sep/2001:18 /16 0 /8 2 /0 2 /16 0 /8 2 /0 2 20/Sep/2001:19 /16 0 /8 1 /0 1 /16 0 /8 2 /0 3 20/Sep/2001:20 /16 0 /8 0 /0 0 /16 0 /8 1 /0 1 20/Sep/2001:21 /16 0 /8 0 /0 0 /16 0 /8 1 /0 1 20/Sep/2001:22 /16 0 /8 0 /0 0 /16 0 /8 7 /0 7 20/Sep/2001:23 /16 0 /8 1 /0 1 /16 0 /8 2 /0 2 -- | Bryan Andersen | bryanat_private | http://www.nerdvest.com | | Buzzwords are like annoying little flies that deserve to be swatted. | | -Bryan Andersen | ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 11:19:19 PDT