Home page logo

nanog logo nanog mailing list archives

Re: Online DB of IPs for Nimda worm infected machines
From: <up () 3 am>
Date: Tue, 18 Sep 2001 19:40:51 -0400 (EDT)

Yes!  ...and accurate (ntpsynch'd) times, too, please.  I just got a nimda
warning from secmbox3+nimda () UU NET for a dynamic IP with a GMT/UTC
timestamp that doesn't correspond to any connections, but is close enough
to one that I *think* I know which user it is.

I'm also concerned about auto-blackholing/blocking dynamic IPs...

On Tue, 18 Sep 2001, Rubens Kuhl Jr. wrote:

Please list probe time also. Dynamic IPs can only be traced to the actual 
infected user with a time stamp.

Rubens Kuhl Jr.


I put a page to search for infected IPs. This is the first version.
Currently I put IPs into it which probed me before about 2pm PDT.
I got email from 2 people who sent me their IPs, which I am going
to add when they ok it.

You can right now search by SQL for IPs like: 64.81.%
This will display all IPs which probed me starting
with 64.81.

Things I am adding in the next minutes is so that people
can submit them self single IPs or bulk list.

James Smallacombe                     PlantageNet, Inc. CEO and Janitor
up () 3 am                                                          http://3.am

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]