Security Incidents mailing list archives

CodeRed - simple attacks analyzer


From: "Daniel Kiper" <dkiper () netspace com pl>
Date: Wed, 8 Aug 2001 13:29:40 +0200

Hello

First, sorry for my English.

Yesterday I prepared a very, very simple script
for analyzing CodeRed attacks. The script
reads error logs (LogLevel warn) from an Apache server
(you may set the source directory in the script - LOG_DIR)
and generates four files in the directory "YYYYMMDD"
(you may set the destination directory in the script - DIR):

cr-attacks.txt - file with full info
ip-date.txt - IP of attacker and date.
              You may send this file to address
              aris-report () securityfocus com
ip.txt - all IPs of attackers (unique)
summary.txt - total attacks and total unique IPs

Below I have attached the script with example results.

Tested on Linux Debian 2.1
with apache-ssl 1.3.9.13-3.

Read the code and configure it for your needs.

If you don't pass a parameter, all info is
prepared for the previous day.

cr-attacks 0 - info for today

cr-attacks 1 - previous day

cr-attacks 10 - ten days ago

I'm waiting for your questions and suggestions.

Daniel Kiper - dkiper () netspace com pl

Attachment: cr-attacks.tgz
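
The following is an added example, not the attached cr-attacks script: a sketch of the same per-day analysis that produces the ip-date, unique-IP and summary data described in the message. It assumes the Apache 1.3 error_log line format and that CodeRed probes appear on a non-IIS server as "File does not exist" errors for default.ida; the function names and the sample log (documentation addresses) are constructed for illustration.

```python
import re
from collections import Counter
from datetime import date, datetime, timedelta

# Assumed Apache 1.3 error_log layout: [timestamp] [level] [client IP] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<ip>[\d.]+)\] (?P<msg>.*)$")

# Constructed sample input (not real log data).
SAMPLE_LOG = """\
[Tue Aug  7 03:12:44 2001] [error] [client 192.0.2.10] File does not exist: /var/www/default.ida
[Tue Aug  7 03:15:02 2001] [error] [client 198.51.100.7] File does not exist: /var/www/default.ida
[Tue Aug  7 04:01:19 2001] [error] [client 192.0.2.10] File does not exist: /var/www/default.ida
[Tue Aug  7 04:30:00 2001] [error] [client 203.0.113.5] File does not exist: /var/www/favicon.ico
[Mon Aug  6 23:59:58 2001] [error] [client 192.0.2.99] File does not exist: /var/www/default.ida
[Tue Aug  7 05:00:00 2001] [notice] caught SIGTERM, shutting down
"""

def target_day(days_ago=1, today=None):
    """Mirror the script's parameter: 0 = today, 1 = previous day (default)."""
    return (today or date.today()) - timedelta(days=days_ago)

def analyze(log_text, day):
    """Return (ip_date rows, sorted unique IPs, summary) for probes on `day`."""
    ip_date, hits = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Skip lines without a client field and errors for other paths.
        if not m or "default.ida" not in m["msg"].lower():
            continue
        try:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # unparseable timestamp: ignore rather than miscount
        if ts.date() != day:
            continue
        ip_date.append((m["ip"], ts.isoformat(sep=" ")))
        hits[m["ip"]] += 1
    summary = {"total_attacks": sum(hits.values()), "unique_ips": len(hits)}
    return ip_date, sorted(hits), summary

if __name__ == "__main__":
    rows, ips, summary = analyze(SAMPLE_LOG, target_day(1, date(2001, 8, 8)))
    for ip, when in rows:
        print(ip, when)
    print(ips, summary)
```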

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
