[CLUE-Tech] 404's in the log
Randy Arabie
rrarabie at home.com
Tue Nov 6 07:36:20 MST 2001
On Mon, 5 Nov 2001, Roger Frank wrote:
> So what am I seeing here? A worm trying to get in?
Yes. Nimda most likely.
I have a small LAN at home on the @home network. I opened port 80
and captured several hours of requests with a sniffer (snort) and
analyzed what I was getting... almost exclusively attempts (?requests?)
by the Nimda worm.
Take a look at this paper, some very interesting reading on worms:
http://project.honeynet.org/papers/worm/
--
Cheers!
Randy
==================================================================
Randy Arabie
GnuPG Key Info --
Fingerprint: 75CB 1707 3C14 EF94 22E1 995F 7286 97DC B41D 79CE
Key ID: 7C603AEF
Keyserver: seattle.keyserver.net
==================================================================
*****************************************
* *
* THIS EMAIL IS CERTIFIED *
* ANTHRAX FREE. *
* *
*****************************************
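
Added example, not part of the message above or of the thread: one way to check whether the 404s in a web server log come from Nimda-style probing. It assumes Apache Common Log Format and uses the heuristic that Nimda's IIS probes request cmd.exe or root.exe; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: host ident user [time] "method url proto" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Heuristic (assumption): the probe path ends in cmd.exe or root.exe.
PROBE_TARGET = re.compile(r'(?:^|[/\\])(?:cmd|root)\.exe$', re.IGNORECASE)


def is_nimda_style_probe(url):
    """True if the request path, query string removed, ends in cmd.exe or root.exe."""
    path = url.split('?', 1)[0]
    # Decode twice so double-encoded traversal (%255c) is normalised too.
    path = unquote(unquote(path))
    return bool(PROBE_TARGET.search(path))


def summarize(lines):
    """Return (probe count per source host, URLs of the remaining 404s)."""
    probes, other = Counter(), []
    for line in lines:
        m = CLF.match(line)
        if not m or m.group(4) != '404':
            continue  # unparsable line, or not a 404
        host, _method, url, _status = m.groups()
        if is_nimda_style_probe(url):
            probes[host] += 1
        else:
            other.append(url)
    return probes, other


# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [05/Nov/2001:21:14:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [05/Nov/2001:21:14:03 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274',
    '192.0.2.10 - - [05/Nov/2001:21:14:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    '198.51.100.7 - - [05/Nov/2001:22:40:51 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298',
    '203.0.113.5 - - [05/Nov/2001:23:01:17 -0700] "GET /favicon.ico HTTP/1.0" 404 270',
    '203.0.113.5 - - [05/Nov/2001:23:01:18 -0700] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == '__main__':
    probes, other = summarize(SAMPLE)
    for host, count in probes.most_common():
        print(f'{host}: {count} Nimda-style probe(s)')
    print('other 404s:', other)
```

On a server that is not IIS these requests can only return 404, so a high probe count per host points to infected machines scanning the address range rather than a problem with the local site.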