RE: Nimda.E having an impact ??

From: Kinsey, Robert (Robert.Kinseyat_private)
Date: Wed Oct 31 2001 - 14:53:01 PST

    For the networks I monitor I am seeing similar activity to the original
    Nimda (same /16 subnet for now).  I have, like you, noticed the volume of
    hits within the network range is different.  I am also trying to correlate
    the connection attempts on port 80 with any attempts via tftp for the same
    source/dest combination.  This seems to alert me whether a box on my network
    becomes infected (the tftp activity only occurs if a 200 OK response is seen
    to the port 80 activity).  So far (thankfully) I have not seen that
    particular connection combination.
    from the trenches,

    This archive was generated by hypermail 2b30 : Wed Oct 31 2001 - 15:57:23 PST
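
The correlation described in the message above (port 80 connection attempts matched against TFTP activity for the same source/destination pair), as an added example that is not part of the original post. The flow-record format, the sample records, and the five-minute window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: timestamp proto src dst dst_port
# (documentation address ranges only; not data from the post).
SAMPLE_FLOWS = """\
2001-10-31T14:01:02 tcp 192.0.2.10 198.51.100.5 80
2001-10-31T14:01:03 tcp 192.0.2.10 198.51.100.6 80
2001-10-31T14:01:09 udp 198.51.100.6 192.0.2.10 69
2001-10-31T14:20:00 udp 198.51.100.7 203.0.113.9 69
2001-10-31T15:30:00 udp 198.51.100.5 192.0.2.10 69
"""

WINDOW = timedelta(minutes=5)  # assumed correlation window, not from the post


def parse(text):
    """Yield (time, proto, src, dst, dst_port) for each non-empty record."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proto, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), proto, src, dst, int(port)


def correlate(text, window=WINDOW):
    """Return (http_time, tftp_time, http_src, http_dst) for every host pair
    with a port 80 attempt followed by TFTP (UDP 69) within `window`.
    The pair is matched in either direction."""
    http_seen = defaultdict(list)  # frozenset({a, b}) -> [(time, src, dst)]
    hits = []
    for ts, proto, src, dst, port in sorted(parse(text)):
        pair = frozenset((src, dst))
        if proto == "tcp" and port == 80:
            http_seen[pair].append((ts, src, dst))
        elif proto == "udp" and port == 69:
            for h_ts, h_src, h_dst in http_seen.get(pair, []):
                if timedelta(0) <= ts - h_ts <= window:
                    hits.append((h_ts, ts, h_src, h_dst))
    return hits


if __name__ == "__main__":
    for h_ts, t_ts, src, dst in correlate(SAMPLE_FLOWS):
        print(f"check {dst}: port 80 attempt from {src} at {h_ts}, "
              f"TFTP between the same pair at {t_ts}")
```

TFTP with no preceding port 80 attempt for the pair, or TFTP that falls outside the window, is not reported.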