Yes, My home connection is via @home and there seem to be lots of systems which still have Nimda, even code red on the (aparently somewhat local) net with me. I think/hope @home is blocking somewhere upstream. At work, we have the same provider, but a different group (FiberNet vs. @home) and there seems to be a fair amount of this type of traffic on that net as well. I had to put in web log management on the DNS server because Apache's error and access logs are full of that crap. Eventually, I'll probably have to remove the web server (it doesn't really need it), just to prevent a disk full DoS. I have been assuming that it was just me. Joe |-----Original Message----- |From: reillyat_private [mailto:reillyat_private] |Sent: Monday, November 12, 2001 6:28 PM |To: incidentsat_private |Subject: Nimda Infections | | |It's amazing to me when I see the amount of systems still |infected with Nimda. In today's logs I see a huge amount of |systems in the ATT network that are still banging away. I |can't even give you the amount of systems that I'm seeing from |China. What is so difficult about patching your system |against the .hta, .htq vuln. I don't mean to go off on a rant |but am I the only one that feels this way? Is everyone else |seeing the same activity? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 07:15:55 PST