mailing list archives
Re: Online DB of IPs for Nimda worm infected machines
From: <up () 3 am>
Date: Tue, 18 Sep 2001 19:40:51 -0400 (EDT)
Yes! ...and accurate (ntpsynch'd) times, too, please. I just got a nimda
warning from secmbox3+nimda () UU NET for a dynamic IP with a GMT/UTC
timestamp that doesn't correspond to any connections, but is close enough
to one that I *think* I know which user it is.
I'm also concerned about auto-blackholing/blocking dynamic IPs...
On Tue, 18 Sep 2001, Rubens Kuhl Jr. wrote:
Please list probe time also. Dynamic IPs can only be traced to the actual
infected user with a time stamp.
Rubens Kuhl Jr.
I put a page to search for infected IPs. This is the first version.
Currently I put IPs into it which probed me before about 2pm PDT.
I got email from 2 people who sent me their IPs, which I am going
to add when they ok it.
You can right now search by SQL for IPs like: 64.81.%
This will display all IPs which probed me starting
Things I am adding in the next minutes is so that people
can submit them self single IPs or bulk list.
James Smallacombe PlantageNet, Inc. CEO and Janitor
up () 3 am http://3.am