Nimda attacks are actually down according to my snort sensor. - k ----- Original Message ----- From: "Jay D. Dyson" <jdysonat_private> To: "Incidents List" <incidentsat_private> Sent: Tuesday, October 02, 2001 6:54 PM Subject: Code Red gone to sleep? > -----BEGIN PGP SIGNED MESSAGE----- > > Hi folks, > > We were discussing on the Early Bird Developers list that none of > us have seen any Code Red scans since September 30th. This can only mean > one of four things: > > 1. Code Red has "gone to sleep," > > 2. Code Red committed ritual seppuku and rm'd every box it > previously infected, > > 3. Nimda has taken over all previously infected Code Red > systems[*], > > 4. All the automated intrusion attempt notices finally paid > off and affected sites have finally shut their infected > systems down. > > While I'd like to believe that the silence is due to option #4, > experience leads me to believe that options #1 and #2 are most likely, and > option #3 is a close runner-up. > > - - -Jay > > * Nimda is still banging away like a nympho bunny on Spanish Fly. > > ( ( _______ > )) )) .-"There's always time for a good cup of coffee."-. >====<--. > C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) | = |-' > `--' `--' `--------------- rm -rf /bin/laden ---------------' `------' > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > Comment: See http://www.treachery.net/~jdyson/ for current keys. > > iQCVAwUBO7o3j7lDRyqRQ2a9AQH6JgP/dBanAhC7L2O9Y0DiqXYx7sqX/dmiSmVh > Bd4eBI/t/01FmYBg+EV3SgFWrX/+u+JCl5soPz/ck0XQ+0YN5Lmq3ltsw1TDqwVa > ApyxIRhNBe3hZSpID1LnpuNuNpQm+O3ZXD/jXPRGHVnaobzjAMnPwDYNhNGHRUhV > wIJs3tFt6VM= > =yh/M > -----END PGP SIGNATURE----- > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 17:17:48 PDT