[61103] in North American Network Operators' Group
Re: Sobig.f surprise attack today
daemon@ATHENA.MIT.EDU (Andrew Kerr)
Fri Aug 22 15:46:54 2003
Date: Fri, 22 Aug 2003 13:43:23 -0600
From: Andrew Kerr <andrew_kerr@iamnos.ca>
To: Jay Hennigan <jay@west.net>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.51.0308221238250.11729@htf.fo.jrfg.arg>
Errors-To: owner-nanog-outgoing@merit.edu
Jay Hennigan wrote:
> On Fri, 22 Aug 2003, Andrew Kerr wrote:
>
>
>>It's been posted here, and F-Secure has it, but I wrote a quick script to
>>keep an eye on the 20 servers and dump the output to a simple page:
>>
>>http://207.195.54.37/sobig.html
>>
>>(Updates about every 5 mins)
>
>
> You're probing the list of NTP servers the worm uses to get the date, not
> the list of hosts to which it "phones home".
>
A few people pointed that out. By the time this message hits the list,
it should be corrected.