[linux-elitists] nimda - cheese or notify script?

Rusty Foster rusty@kuro5hin.org
Tue Sep 18 23:24:23 PDT 2001


"Karsten M. Self" wrote:
> 
> Anyone aware of a nimda cheese counterworm or a notify script for
> shutting down the attack?
> 
> My dialup has had 64 connection attempts to date, starting at 6:30 this
> morning.
> 

K5's server has seen 4695 (approximately) today. 

> My detection script:
> 
>     grep 'GET.*script' /var/log/apache/access.log
> 

grep 'GET.*/winnt/' worked better for me. It misses the requests for
cmd.exe etc., but 'script' by itself gave too many false positives.

--R
-- 
Rusty Foster :: rusty@kuro5hin.org :: http://www.kuro5hin.org

MY best interest? How do you know what MY best interest is?
                                      --Suicidal Tendencies
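
An added example, not part of the original thread: it runs the two grep patterns from the messages above against the same log and compares them with a combined pattern anchored on the request path. The log lines are constructed, and the root.exe alternative, the COMBINED pattern and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample of Apache access-log lines (not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [18/Sep/2001:06:30:01 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [18/Sep/2001:06:30:02 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286
192.0.2.10 - - [18/Sep/2001:06:30:03 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
198.51.100.7 - - [18/Sep/2001:07:12:44 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 286
203.0.113.5 - - [18/Sep/2001:08:01:10 -0700] "GET /javascript/menu.js HTTP/1.1" 200 1523
203.0.113.5 - - [18/Sep/2001:08:01:12 -0700] "GET /docs/scripting-howto.html HTTP/1.1" 200 8841
EOF
}

LOOSE='GET.*script'      # first pattern in the thread
NARROW='GET.*/winnt/'    # second pattern in the thread
# Assumed combination: match only inside the requested path, and accept
# any of the three tokens. root.exe is an assumption, not from the thread.
COMBINED='"GET [^ "]*(/winnt/|cmd\.exe|root\.exe)'

# Count log lines on stdin that match an extended regex (case-insensitive).
count_hits() {
    grep -Eic "$1" || true   # grep exits 1 on zero matches; still print 0
}

# Per-source hit counts for a pattern, busiest source first: "count ip".
hits_by_source() {
    grep -Ei "$1" | awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' | sort -rn
}

echo "loose:    $(sample_log | count_hits "$LOOSE") hits (includes ordinary pages)"
echo "narrow:   $(sample_log | count_hits "$NARROW") hits (misses the root.exe probe)"
echo "combined: $(sample_log | count_hits "$COMBINED") hits"
echo "sources for combined pattern:"
sample_log | hits_by_source "$COMBINED"
```

To use it on a live server, replace `sample_log |` with `cat /var/log/apache/access.log |`.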


