[Gllug] nimda

The Flying Hamster hamster at vom.tm
Sat Sep 22 08:45:03 UTC 2001


On Fri, Sep 21, 2001 at 07:29:14PM +0100, David Irvine wrote:
> Rev Simon Rumble wrote:
> 
>  >Perhaps some sort of highly visible "stick" for such net abuse (ie,
>  >leaving your servers unpatched for a known vulnerability) needs to be
>  >developed along the same lines as the MAPS et al RBL?

That's what we did on an internal basis using the BGP/RBL method: you
probe us more than x times with a nimda signature, welcome to routing
hell.

[...]
> I would prefer something built into a 5 and a bit sized drive bay which
> LARTS the luser every time something like this happens, preferably with

Unfortunately it's unlikely to have any effect; many of the machines
which were hitting appear to be unadminned, i.e. boxes which were set up
and let loose but aren't actively maintained. *sigh*

[...]
>  >Many of the servers here at work are STILL down from Nimda.  I've had
>  >106 attempts at my (Apache on Linux) web server.  My (real IP) web
>  >server (Apache) on my Win2K box here at work is also taking hits.

None of our servers down, though across the three core webboxen we've
seen approx 8.25 million hits since Tuesday with over 12,000 unique
IPs (179 currently blackholed).  Thank f*ck the unused portion of our
/17 is routed to our local blackhole otherwise the arp traffic would
have been ... interesting.

-- 
The Flying Hamster <hamster at suespammers.org>         http://hamster.wibble.org/
Anything is good and useful if it's made of chocolate.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
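
The threshold rule described in the message (more than x Nimda-signature probes from one source earns a blackhole route), as an added example that is not part of the original post and not the poster's tooling. The signature regex, the Apache common log format, the function names and the sample log lines (constructed, using documentation addresses) are assumptions; how the resulting prefixes are fed into BGP is site-specific and not shown.

```python
import ipaddress
import re
from collections import Counter

# Request tails widely seen in Nimda's IIS probes (assumed list, not from the post).
NIMDA_RE = re.compile(r"(?:root|cmd)\.exe\?/c\+dir", re.IGNORECASE)
# Apache common log format: client first, request line in quotes.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)')

# Constructed sample input, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2001:14:02:11 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [18/Sep/2001:14:02:11 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
192.0.2.10 - - [18/Sep/2001:14:02:12 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
198.51.100.7 - - [18/Sep/2001:14:05:40 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
198.51.100.7 - - [18/Sep/2001:14:05:41 +0100] "GET /index.html HTTP/1.0" 200 1043
203.0.113.5 - - [18/Sep/2001:14:06:00 +0100] "GET /index.html HTTP/1.0" 200 1043
infected.example - - [18/Sep/2001:14:07:00 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
""".splitlines()


def count_probes(lines):
    """Count Nimda-signature requests per source IPv4 address."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not NIMDA_RE.search(m.group(2)):
            continue
        try:
            src = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # logged hostname (HostnameLookups on): nothing to route
        hits[src] += 1
    return hits


def blackhole_candidates(lines, threshold):
    """Return /32 prefixes for sources with MORE than `threshold` probes."""
    hits = count_probes(lines)
    # Sort numerically by address so the output is stable between runs.
    return [f"{ip}/32" for ip in sorted(hits) if hits[ip] > threshold]


if __name__ == "__main__":
    for prefix in blackhole_candidates(SAMPLE_LOG, threshold=2):
        print(prefix)
```

Ordinary requests from a probing source are not counted, so the threshold applies to signature hits only.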



