When nimda was first launched I could've sworn it _was_ getting rid of all these horribly infectious hosts. Working with a few clients It appears that whenever it tftp outs it creates a TFTPXXXX (where the x's are incremental), around 50k files... Now each machine making hundereds of connection attempts a minute this fills up. Besides some machines having bigger harddrives than others, why aren't these too knocked off the internet? I remember watching the code red boxes i had logged (nearly 4000) just drop off the net one by one. It was quite amusing at first, but I'm still baffled as to why these other nimda infected machines aren't doing the same. Any one know/care?
w1re

________________________________________________________
The Best News Source On The Web - http://www.disinfo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]