On Tue, 26 Feb 2002, Brian Mooney wrote:

> I have been seeing those scans pretty nonstop since the outbreak of
> Nimda. AT&T tells me that they have blocked Code Red, CRII, and Nimda
> upstream, but I still get this traffic 15 times a day or so. Yesterday,
> I had one IP hit my machine, looking for cmd.exe 27 times...
>

How did AT&T block these upstream from you? Unless they installed a proxy firewall, or a router that can effectively do layer 4+ filtering, I can't see this being accomplished for all customers off an AT&T edge router. Did they perhaps block this traffic on a firewall they manage for you?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 09:20:18 PST