Re: Tracking down the still infected hosts

From: Skip Carter (skipat_private)
Date: Tue Sep 25 2001 - 12:54:11 PDT


    > According to Ryan Russell (who's been analyzing the
    > worm code), Nimda doesn't honor redirects - it just
    > checks the response it gets from a Web server to 
    > determine whether or not the server is vulnerable.
    > It doesn't follow redirects.  So what does this 
    > actually accomplish?
    > 
    > Isn't it possible that the Nimda traffic is going down
    > because of the decaying growth curve of propagation?
    > Or am I just missing something?
    
      On my network, it certainly is the case that Nimda traffic
      is dropping off; here is what I have seen in the last week:
    
        date     incidents
       09/18       2996
       09/19       2014
       09/20       1136
       09/21        165
       09/22        382
       09/23        371
       09/24        147
    
    
    
     
    
    -- 
     Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
     Taygeta Scientific Inc.        INTERNET: skipat_private
     1340 Munras Ave., Suite 314    UUCP:     ...!uunet!taygeta!skip
     Monterey, CA. 93940            WWW: http://www.taygeta.com/skip.html
    
    
    
    
    
    
    
    
    
    
    
    
    


