Security Incidents mailing list archives
CodeRed - simple attacks analyzer
From: "Daniel Kiper" <dkiper () netspace com pl>
Date: Wed, 8 Aug 2001 13:29:40 +0200
Hello

First, sorry for my English. Yesterday I prepared a very, very simple script for analyzing CodeRed attacks. The script reads error logs (LogLevel warn) from an Apache server (you may set the source directory in the script - LOG_DIR) and generates four files in the directory "YYYYMMDD" (you may set the destination directory in the script - DIR):

  cr-attacks.txt - file with full info
  ip-date.txt - IP of attacker and date. You may send this file to address aris-report () securityfocus com
  ip.txt - all IPs of attackers (unique)
  summary.txt - total attacks and total unique IPs

Below I have attached the script with example results. Tested on Linux Debian 2.1 with apache-ssl 1.3.9.13-3. Read the code and configure it for your needs.

If you don't pass a parameter, all info is prepared for the previous day.

  cr-attacks 0 - info for today
  cr-attacks 1 - previous day
  cr-attacks 10 - ten days ago

I'm waiting for your questions and suggestions.

Daniel Kiper - dkiper () netspace com pl
Attachment: cr-attacks.tgz
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
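The analysis described in the post, as an added Python example; it is not the script from cr-attacks.tgz, whose contents are not shown on this page. Assumptions: the Apache 1.3 error_log line layout shown in the comment, that a Code Red probe is logged as a failed request for default.ida, and the output line formats and function names, which are hypothetical.

```python
import re
from datetime import date, datetime, timedelta

# Apache 1.3 error_log line: [Wed Aug  8 13:29:40 2001] [error] [client 1.2.3.4] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<ip>[\d.]+)\] (?P<msg>.*)$")
# Assumption: a Code Red probe shows up as a failed request for default.ida.
SIGNATURE = "default.ida"

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
[Tue Aug  7 03:14:07 2001] [error] [client 192.0.2.10] File does not exist: /var/www/default.ida
[Tue Aug  7 09:41:55 2001] [error] [client 198.51.100.7] File does not exist: /var/www/default.ida
[Tue Aug  7 10:02:13 2001] [error] [client 192.0.2.10] File does not exist: /var/www/default.ida
[Tue Aug  7 11:30:00 2001] [error] [client 203.0.113.5] File does not exist: /var/www/favicon.ico
[Tue Aug  7 12:00:00 2001] [warn] child process 1234 still did not exit, sending a SIGTERM
[Wed Aug  8 00:05:31 2001] [error] [client 203.0.113.99] File does not exist: /var/www/default.ida
""".splitlines()


def target_day(days_ago=1, today=None):
    """Day to report on: 0 = today, 1 = previous day (default), 10 = ten days ago."""
    return (today or date.today()) - timedelta(days=days_ago)


def analyze(lines, day):
    """Return the four report files as {name: text} for attacks logged on `day`."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or SIGNATURE not in m["msg"]:
            continue  # not a client error line, or not a Code Red probe
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        if ts.date() == day:
            hits.append((m["ip"], ts, line))
    ips = sorted({ip for ip, _, _ in hits})
    return {
        "cr-attacks.txt": "".join(f"{line}\n" for _, _, line in hits),
        "ip-date.txt": "".join(f"{ip} {ts:%Y-%m-%d %H:%M:%S}\n" for ip, ts, _ in hits),
        "ip.txt": "".join(f"{ip}\n" for ip in ips),
        "summary.txt": f"Total attacks: {len(hits)}\nTotal unique IPs: {len(ips)}\n",
    }


if __name__ == "__main__":
    day = target_day(1, today=date(2001, 8, 8))
    for name, text in analyze(SAMPLE_LOG, day).items():
        print(f"--- {day:%Y%m%d}/{name}\n{text}", end="")
```

Repeated probes from one address count once in ip.txt but every time in the attack total, so the two numbers in summary.txt separate the volume of probes from the number of infected hosts reaching the server.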