RE: Nimda Infections

From: Reilly (reillyat_private)
Date: Mon Nov 12 2001 - 20:31:16 PST

Next message: Reilly: "RE: Nimda Infections"

Previous message: Nathan Einwechter: "Re: sub-7"
Next in thread: Reilly: "RE: Nimda Infections"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

oops... sorry.  I meant UNICODE directory traversal... wrong rant.

Thanks for the nudge in the right direction HC.

-----Original Message-----
From: H C [mailto:keydet89at_private]
Sent: Monday, November 12, 2001 4:41 PM
To: reillyat_private
Subject: Re: Nimda Infections


Reilly,

I'm not sure I understand what you're talking about.
You mention Nimda, and then you mention the .hta/.htq
vulnerability.  I'm not clear on what one has to do
with the other.  Nimda doesn't take advantage of that
particular vulnerability to IIS web servers.

Thanks,

Carv

--- reillyat_private wrote:
> It's amazing to me when I see the amount of systems
> still infected with Nimda.  In today's logs I see a
> huge amount of systems in the ATT network that are
> still banging away.  I can't even give you the
> amount of systems that I'm seeing from China.  What
> is so difficult about patching your system against
> the .hta, .htq vuln.  I don't mean to go off on a
> rant but am I the only one that feels this way?  Is
> everyone else seeing the same activity?
>
>
> AT&T
> 12.101.62.4
> 12.102.47.51
> 12.103.156.10
> 12.103.159.94
> 12.64.128.3
> 12.64.134.199
> 12.72.139.96
> 12.73.5.135
> 12.74.161.194
> 12.75.41.165
> 12.77.146.214
> 12.77.148.241
> 12.77.151.250
> 12.78.144.115
> 12.81.109.130
> 12.81.120.25
> 12.81.163.216
> 12.81.2.240
> 12.83.81.182
> 12.83.83.74
> 12.84.96.198
> 12.87.145.155
> 12.88.161.248
> 12.88.173.180
> 12.89.165.130
> 12.91.118.157
> 12.98.144.18
> 12.99.178.250
> 12.99.179.10
> 12.99.28.7
> 12.99.94.158
>
>
----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS
> analyzer service.
> For more information on this free incident handling,
> management
> and tracking system please see:
> http://aris.securityfocus.com
>


__________________________________________________
Do You Yahoo!?
Find a job, post your resume.
http://careers.yahoo.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Reilly: "RE: Nimda Infections"
Previous message: Nathan Einwechter: "Re: sub-7"
Next in thread: Reilly: "RE: Nimda Infections"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 07:26:48 PST