On Fri, 28 Dec 2001, Jay D. Dyson wrote:

> Normally I wouldn't be sending this out, but I figure folks need
> to be aware and wary, considering the origin of this intrusion attempt.
>
> I received an early Xmas present from Microsoft. No, I didn't get
> XP, nor did I get the latest Office software suite.
>
> I got a Nimda intrusion attempt.

A tracert would seem to confirm:

 14    43 ms    46 ms    45 ms  msftlabs-gw.customer.ALTER.NET [157.130.176.46]
 15    47 ms    46 ms    47 ms  208.217.184.1
 16    48 ms    47 ms    46 ms  192.168.1.1
 17     *        *        *     Request timed out.

That, and an apparent NAT box of some sort. Which means that it's on some sort of inside net, and running rampant over the weekend. Ouch.

But, having worked at a large software company myself in the past, there's really no reason to think that your average desktop self-admin is going to know any better. If anything, it highlights how inadequate expecting normal people to keep up on patches is.

I'm starting to think more and more that a 3-month expiration date on Windows is a good idea. If you haven't patched in 3 months, then your machine will refuse to do anything but download patches...

Ryan

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com