[NTLUG:Discuss] also Nimda & CodeRed fighting...

mrussell@sohosolutions.org mrussell at sohosolutions.org
Wed Mar 26 17:16:57 CST 2003


I have noticed that my broadband router has almost constant activity on it
and the log looks like it is Nimda - I have been on Comcast the entire
time so I do not know if it would be associated with them or not, but they
should do something about it - about 9 of 10 new IPs hitting my firewall
are all on the Comcast network.  Scary to think that so many people still
haven't figured out anti-virus software (or at least how to read up on
security of some form).

Matt
>
> Any other attbi (now Comcast) subscribers noticing a huge upswing in the
> number of Nimda and CodeRed infested machines since the Comcast deal
> was completed?  Was the upsurge just co-incidental, since (for my
> stuff, at least) everything is still attbi.com (i.e., no real change in
> administration of the network...just change in ownership)?
>
> I've gone from seeing about a dozen different IPs (mostly other
> attbi.com customers) requesting default.ida in a week's time, to about
> 3 dozen different IPs (also, mostly other attbi.com customers).
>
> I've considered using a 'doze box to do a NET SEND xxx.xxx.xxx.xxx
> "Please scan your computer.  You have a virus/worm." to all those IP's.
> Think I'd get in trouble?  It would reveal my IP to them.  This is
> assuming that they have the messaging service open...which most
> probably will since they haven't bothered to apply any patches or scan
> for viruses.
>
> Think it would do any good?
>
> Since I have my webserver (Linux box - Mandrake 8.1 but soon migrating
> to something not French and not bankrupt) set up to automatically find
> and block http traffic from those IPs, I'm not all that concerned about
> my box.  I'm more concerned about those people not knowing that they are
> unwittingly spreading junk like this around to other 'doze users.
>
> Couldn't Comcast automatically block this stuff with packet filters at
> their routers?  Couldn't they also pick off the IP address of infected
> machines and notify the owners that they need to run a virus scan?  It
> seems that would be pretty easy to automate.
>
> In the past, I have sent lists of the attbi.com IP's that are this way
> to abuse at attbi.com or abuse at comcast.com, but I don't think they really
> care.  I care, partially because that stuff winds up eating lots of
> bandwidth.
>
> D!
>
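
The kind of log check the quoted message describes (counting distinct IPs that request default.ida), as an added example that is not part of the original thread or any poster's own setup. The Apache common log format, the Nimda-style request patterns (probes for cmd.exe and root.exe) and the sample lines are assumptions; all addresses are constructed from documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample in Apache common log format; IPs are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Mar/2003:17:01:02 -0600] "GET /default.ida?XXXXXXXX%u9090%u6858 HTTP/1.0" 404 276
192.0.2.10 - - [26/Mar/2003:17:05:40 -0600] "GET /default.ida?XXXXXXXX%u9090%u6858 HTTP/1.0" 404 276
198.51.100.7 - - [26/Mar/2003:17:02:11 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
198.51.100.7 - - [26/Mar/2003:17:02:12 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
203.0.113.5 - - [26/Mar/2003:17:03:00 -0600] "GET /index.html HTTP/1.1" 200 1043
203.0.113.9 - - [26/Mar/2003:17:04:00 -0600] "GET /docs/cmd.exe.html HTTP/1.1" 200 512
garbage line that is not a log entry
"""

# Source IP, method and request target from one log line (assumed format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" \d{3}\b'
)

def classify(target):
    """Return 'codered', 'nimda' or None for a request target."""
    path = target.split("?", 1)[0].lower()        # ignore the query string
    if path == "/default.ida":                    # the request named in the thread
        return "codered"
    if path.endswith(("/cmd.exe", "/root.exe")):  # Nimda-style probes (assumed patterns)
        return "nimda"
    return None

def scan(lines):
    """Map worm name -> {source IP: number of matching requests}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:                             # skip malformed lines
            continue
        worm = classify(m.group("target"))
        if worm:
            hits[worm][m.group("ip")] += 1
    return {worm: dict(ips) for worm, ips in hits.items()}

def unique_sources(hits):
    """Number of distinct source IPs per worm."""
    return {worm: len(ips) for worm, ips in hits.items()}

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for worm, ips in sorted(found.items()):
        print(worm, unique_sources(found)[worm], "distinct IPs:", ips)
```

Matching on the path before the query string keeps an ordinary page such as /docs/cmd.exe.html out of the tally, so a block list built from the result does not catch legitimate visitors.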
