[linux-elitists] nimda - cheese or notify script?

Karsten M. Self kmself@ix.netcom.com
Tue Sep 18 12:56:41 PDT 2001


Anyone aware of a nimda cheese counterworm or a notify script for
shutting down the attack?

My dialup has had 64 connection attempts to date, starting at 6:30 this
morning.

Preliminary analysis shows Forsythe & Assoc and Santa Clara County Heath
Authority among compromised hosts.

My detection script:

    grep 'GET.*script' /var/log/apache/access.log

...I'm current running 'host' and 'whois' on the 64 hosts detected.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?              Home of the brave
  http://gestalt-system.sourceforge.net/                    Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA!  http://www.freesklyarov.org
Geek for Hire                      http://kmself.home.netcom.com/resume.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010918/d2a88dda/attachment.pgp 


More information about the linux-elitists mailing list