[Gllug] nimda
Stig Brautaset
stigbrau at online.no
Wed Sep 19 18:40:35 UTC 2001
* will <will at hellacool.co.uk> spake thus:
> 2632 unique hosts scanned for some variant of cmd.exe on one of our servers
> alone in the last half an hour. This worm doesn't infect UNIX boxes but it
> certainly *affects* them.
Apparently, yes. Martin Krafft reported on the debian-user mailinglist
at about 23 last night:
seamus.madduck.net (woody, 2.4.9) (dual 1.3GHz, 1Gb RAM, 34Mbit
connection) got a total of 9563776 (that's almost 10 mio.) attacks
in the last 4 hours from almost 23000 different IPs, averaging at
around 650/sec. peak is right now at 2800 attacks/sec, Snort logs
growing at 90Mb/min. system load was 1.7 :-> and i shut down apache
for the night, reducing the load to 0.13.
*shudder* I am glad I do not run any services when I hear such things.
I wonder whether it is this new worm's fault that fethcmail took so long
getting my mail?
Regards,
Stig
--
brautaset.org
Registered Linux User 107343
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list