September 18th, 2001 was my first encounter with Nimda, along with many other people. In this paper I describe my initial thoughts and reactions to this. I was researching a scan that had happened earlier that morning when the IDS began to flood me with alerts. This was just the beginning of a very long couple of days for a lot of people, including myself. This worm hit with such vengeance that I had problems gathering information, as the logs and IDS alerts were growing so fast I could not read them effectively. I began to wonder, "Was this a denial of service attack aimed at us?" or "Was this another variant of Code Red?" I took a breath and began copying logs from different devices for evaluation of the situation. From scanning my logs and the quick glimpse that I was able to get at the IDS, I found this was not a targeted attack. It was randomly hitting our network and eventually hit every external IP address within the environment. I then checked my e-mails, etc., to make sure this was not a planned scan.