[linux-elitists] nimda - cheese or notify script?
Tue Sep 18 23:24:23 PDT 2001
"Karsten M. Self" wrote:
> Anyone aware of a nimda cheese counterworm or a notify script for
> shutting down the attack?
> My dialup has had 64 connection attempts to date, starting at 6:30 this
K5's server has seen 4695 (approximately) today.
> My detection script:
> grep 'GET.*script' /var/log/apache/access.log
grep 'GET.*/winnt/' worked better for me. It misses the requests for
cmd.exe etc, but 'script' by itself gave too many false positives.
Rusty Foster :: email@example.com :: http://www.kuro5hin.org
MY best interest? How do you know what MY best interest is?
More information about the linux-elitists