Security Incidents mailing list archives
Code Red capture tool
From: Stephen Friedl <friedl () mtndew com>
Date: Wed, 1 Aug 2001 20:11:04 -0700
This is probably a little late, but those that want to watch the worm while it wanders might care to use a little tool I've written. Running on a Linux machine with an alias for every otherwise-unused IP address on a (small) block, it listens on port 80 and logs the source/destination and a bit of the URL fetched. Written in perl, it can be found with a small writeup at http://www.unixwiz.net/tools/websnarf.html On my /27 it's recording about 30 per hour. Steve Mod: dump this if too late to be interesting. --- Stephen J Friedl | Software Consultant | Tustin, CA | +1 714 544-6561 www.unixwiz.net | I speak for me only | KA8CMY | steve () unixwiz net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Code Red capture tool Stephen Friedl (Aug 01)