Re: Recent Flood of Attacks on Servers

by "Rudy Gomez" <rudy(at)cyberangler.com>

 Date:  Thu, 20 Sep 2001 09:20:41 -0400
 To:  <hwg-basics(at)hwg.org>
 Cc:  "C. A. Milton" <camilton(at)hauntedhalloweencastle.com>
 References:  home
This is probably the new Nimda Virus.  For more information see:
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a(at)mm.html

As usual, it only infects Microsoft IIS web servers.  The problem for the
rest of us (as with Code Red which also only infected Microsoft IIS web
servers) is the high number of scans originating from infected M$II$ boxes.

We are trying to curtail some of this scanning activity by using ipchains.
For more info, check your man pages for ipchains.

<.climb soap box>
Something needs to be done about all these M$II$ boxes that are still
infected with Code Red, and now with Nimda.  Some of these servers either
don't have sys admins, or have sys admins that don't give a s__t as they
have been continually scanning other boxes for weeks now.  Sys admins need
to either patch the boxes, or someone else needs to take these boxes
offline.
<.descend from soap box>

God Bless America,

Rudy Gomez                   \      ,,,,,,\\,,              ...><`>
rudy(at)cyberangler.com    }><(((((())))   ...><`>
http://cyberangler.com/    /      `````//''             ...><`>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C. A. Milton wrote:
> Is everyone else out there experiencing the same flood of attacks on their
> servers?  The last three days my raw server logs have had a tremendous
> number of attacks.
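
The approach mentioned in the reply above (curtailing scans with ipchains), as an added example that is not part of the original message: it picks scan sources out of an Apache-style access log and prints ipchains DENY rules for review. The log lines are constructed, the addresses are documentation ranges, and the matched request names (cmd.exe, root.exe, default.ida) are assumed from the commonly published Nimda and Code Red log signatures; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find worm-scan sources in a web log, print ipchains rules.

# Constructed sample log (RFC 5737 documentation addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [20/Sep/2001:09:01:12 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [20/Sep/2001:09:01:13 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
192.0.2.10 - - [20/Sep/2001:09:01:13 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
198.51.100.7 - - [20/Sep/2001:09:02:40 -0400] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 270
198.51.100.7 - - [20/Sep/2001:09:03:02 -0400] "GET /index.html HTTP/1.0" 200 5120
203.0.113.5 - - [20/Sep/2001:09:04:11 -0400] "GET /index.html HTTP/1.0" 200 5120
203.0.113.5 - - [20/Sep/2001:09:04:12 -0400] "GET /logo.gif HTTP/1.0" 200 2048
198.51.100.99 - - [20/Sep/2001:09:05:30 -0400] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 270
198.51.100.99 - - [20/Sep/2001:09:05:31 -0400] "GET /DEFAULT.IDA?NNNNNNNN HTTP/1.0" 404 270
EOF
}

# Read a log on stdin; print every client IP with at least $1 matching
# requests (default 2). Field 7 is the request path in common log format.
scan_sources() {
    threshold=${1:-2}
    awk -v min="$threshold" '
        tolower($7) ~ /(cmd\.exe|root\.exe|default\.ida)/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' | sort
}

# Read IPs on stdin; print one ipchains command per address.
# Anything that is not digits and dots is dropped, so text taken from
# the log can never end up inside a firewall command.
deny_rules() {
    while read -r ip; do
        case "$ip" in
            ""|*[!0-9.]*) continue ;;
        esac
        printf 'ipchains -A input -s %s -j DENY\n' "$ip"
    done
}

# Print the rules for the sample log; nothing is applied to the firewall.
sample_log | scan_sources 2 | deny_rules
```

The threshold keeps a single stray request from blocking an address; the printed rules are meant to be read before anyone runs them as root.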

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA