>Mailing-List: contact incidents-helpat_private; run by ezmlm >List-Id: <incidents.list-id.securityfocus.com> >List-Post: <mailto:incidentsat_private> All, >I have been seeing those scans pretty nonstop since the outbreak of >Nimda. AT&T tells me that they have blocked Code Red, CRII, and Nimda >upstream, but I still get this traffic 15 times a day or so. Yesterday, >I had one IP hit my machine, looking for cmd.exe 27 times... I've also seen a fair number of these recently. My "record" was 700+ hits from a machine the was "close" to me. Judicious use of curl indicated the the machine was infected with Nimda. A recent re-check has shown it to be resolved now. Whilst it takes some people quite a while to fix it (or in fact notice it) ("it'll never happen to me") it's slowly dimishing. I'm also not seeing any apache crashes - Apache 1.3.12 on RH7.0 (plus appropriate patches) Greg. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Feb 26 2002 - 18:30:32 PST