Security Incidents mailing list archives

Re: Yet Another Nimda Thread (YANT)


From: Bryan Andersen <bryan () visi com>
Date: Sat, 22 Sep 2001 21:58:03 -0500

Seeing many people have asked.

Any chance of sharing the scripts that created those charts?

I've placed the copy of my script that produced the output below at:
  http://www.nerdvest.com/security/get-times2.bash
It's slow and inefficient, but you know it only took a few minutes 
to write.  Developed on an OpenBSD system using the bash shell. I'm
told it runs fine under other sh-like shells.

The script reads standard format Apache log files and outputs 
a list of counts for CodeRed and Nimda worm scans by hour.  It 
has a few lines that need to be tailored for your site.  It 
doesn't output the headers, but easily could be extended to.

dd/mmm/yyyy:hh  CodeRed                 Nimda
--------------  --------------------    ---------------------
21/Sep/2001:00  /16 0   /8 0    /0 0    /16 0   /8 4    /0 4
21/Sep/2001:01  /16 0   /8 0    /0 1    /16 0   /8 4    /0 4

-- 
|  Bryan Andersen   |   bryan () visi com   |   http://www.nerdvest.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |
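
The hourly tally described in the message above, as an added example that is not the get-times2.bash script from the post. It assumes Apache common log format, matches Code Red on `/default.ida?` and Nimda on `cmd.exe`/`root.exe` requests, and reads /16, /8 and /0 as cumulative counts of sources sharing the site's first two octets, its first octet, or any address; `count_scans`, `sample_log` and the 10.1 network are hypothetical.

```shell
#!/bin/sh
# Usage: count_scans <first two octets of your network> < access_log
# Assumed signatures: Code Red = "/default.ida?", Nimda = cmd.exe / root.exe.
count_scans() {
  awk -v net16="$1" '
    BEGIN { split(net16, p, "."); net8 = p[1] "" }
    {
      req = tolower($7)                      # request path field
      if (index(req, "/default.ida?") == 1) worm = "cr"
      else if (req ~ /(cmd|root)\.exe/) worm = "ni"
      else next                              # not a worm probe
      hour = substr($4, 2, 14)               # keep dd/Mon/yyyy:hh
      if (!(hour in seen)) { seen[hour] = 1; order[++n] = hour }
      split($1, o, ".")
      all[worm, hour]++                      # /0: any source
      if ((o[1] "") == net8) {
        in8[worm, hour]++                    # /8: same first octet
        if ((o[1] "." o[2]) == net16) in16[worm, hour]++
      }
    }
    END {
      for (i = 1; i <= n; i++) {             # hours in log order
        h = order[i]
        printf "%s\t/16 %d\t/8 %d\t/0 %d\t/16 %d\t/8 %d\t/0 %d\n", h,
          in16["cr", h], in8["cr", h], all["cr", h],
          in16["ni", h], in8["ni", h], all["ni", h]
      }
    }'
}

# Constructed sample log (private and documentation address ranges).
sample_log() {
  cat <<'EOF'
10.1.4.7 - - [21/Sep/2001:00:03:10 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
198.51.100.9 - - [21/Sep/2001:00:05:41 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
10.200.3.3 - - [21/Sep/2001:00:17:02 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
203.0.113.5 - - [21/Sep/2001:00:17:05 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294
203.0.113.5 - - [21/Sep/2001:00:17:06 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 278
10.1.4.7 - - [21/Sep/2001:00:40:00 -0500] "GET /index.html HTTP/1.0" 200 1043
10.1.9.9 - - [21/Sep/2001:01:02:33 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
EOF
}

sample_log | count_scans 10.1
```

The first group of three columns is Code Red and the second is Nimda, matching the column order of the output quoted in the post.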
