Home page logo
/

nanog logo nanog mailing list archives

Re: Online DB of IPs for Nimda worm infected machines
From: <up () 3 am>
Date: Tue, 18 Sep 2001 19:40:51 -0400 (EDT)



Yes!  ...and accurate (ntpsynch'd) times, too, please.  I just got a nimda
warning from secmbox3+nimda () UU NET for a dynamic IP with a GMT/UTC
timestamp that doesn't correspond to any connections, but is close enough
to one that I *think* I know which user it is.

I'm also concerned about auto-blackholing/blocking dynamic IPs...

On Tue, 18 Sep 2001, Rubens Kuhl Jr. wrote:



Please list probe time also. Dynamic IPs can only be traced to the actual 
infected user with a time stamp.


Rubens Kuhl Jr.


        http://seven.alameda.net/~ulf/nimda/

I put a page to search for infected IPs. This is the first version.
Currently I put IPs into it which probed me before about 2pm PDT.
I got email from 2 people who sent me their IPs, which I am going
to add when they ok it.

You can right now search by SQL for IPs like: 64.81.%
This will display all IPs which probed me starting
with 64.81.

Things I am adding in the next minutes is so that people
can submit them self single IPs or bulk list.



James Smallacombe                     PlantageNet, Inc. CEO and Janitor
up () 3 am                                                          http://3.am
=========================================================================


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]