> According to Ryan Russell (who's been analyzing the > worm code), Nimda doesn't honor redirects - it just > checks the response it gets from a Web server to > determine whether or not the server is vulnerable. > It doesn't follow redirects. So what does this > actually accomplish? > > Isn't it possible that the Nimda traffic is going down > because of the decaying growth curve of propagation? > Or am I just missing something? On my network, it certainly is the case that Nimda traffic is dropping off, here is what I have seen in the last week: date incidents 09/18 2996 09/19 2014 09/20 1136 09/21 165 09/22 382 09/23 371 09/24 147 -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skipat_private 1340 Munras Ave., Suite 314 UUCP: ...!uunet!taygeta!skip Monterey, CA. 93940 WWW: http://www.taygeta.com/skip.html ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 13:18:11 PDT