Security Incidents mailing list archives
RE: Nimda Worm Mitigation
From: "Jason Lewis" <jlewis () packetnexus com>
Date: Tue, 18 Sep 2001 22:52:33 -0400
Anyone doing anything different? How about something that tails an Apache log file and adds ipchains rules to kill infected IPs? Anyone want to write it?

-----Original Message-----
From: John Davidson [mailto:jwd_ods () monisys ca]
Sent: Tuesday, September 18, 2001 7:56 PM
To: incidents () securityfocus com
Subject: Nimda Worm Mitigation

I have been able to reduce the effect of the Nimda worm by implementing Host Headers. Now every Nimda-originated request gets a 404; before, some were sent a 404, but also some error 500. This works because the worm scans based on IP only. It's not much of a help, but the logs are now under control. Scans are about 10 times that of CodeRed.C so far.

John Davidson

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
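The log-watching idea asked for in the reply above, sketched as an added example that is not part of the original posts or any list member's code. Assumptions: Apache common log format; a probe signature of requests for cmd.exe or root.exe (a known trait of Nimda's IIS scans, not listed on this page); a hit threshold and an allowlist so a single stray request or a trusted range is never blocked. Function names are hypothetical, and the code only builds the ipchains rule strings, it does not run them.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log format: client ident user [time] "METHOD path proto" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+)[^"]*"')
# Assumed signature: requests for the IIS binaries the worm's scans ask for.
PROBE_RE = re.compile(r'/(?:cmd|root)\.exe(?:\?|$)', re.IGNORECASE)

def scanning_clients(lines, threshold=3, allow=()):
    """Return sorted client IPs that sent at least `threshold` probe requests."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PROBE_RE.search(m.group(2)):
            continue
        try:
            # Only a literal IPv4 address may reach a firewall rule; with
            # HostnameLookups on, the client field is a name and is skipped.
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue
        if any(ip in net for net in allowed):
            continue
        hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def ipchains_rules(ips):
    """Build one DENY rule per address for the ipchains input chain."""
    return [f"ipchains -A input -s {ip} -j DENY" for ip in ips]

# Constructed sample log (documentation address ranges), not real traffic.
_PROBES = ["/scripts/root.exe?/c+dir", "/MSADC/root.exe?/c+dir",
           "/c/winnt/system32/cmd.exe?/c+dir"]

def _line(client, path, status=404):
    return f'{client} - - [18/Sep/2001:21:01:02 -0400] "GET {path} HTTP/1.0" {status} 276'

SAMPLE_LOG = (
    [_line("192.0.2.10", p) for p in _PROBES]               # scanner: 3 probes
    + [_line("203.0.113.5", p) for p in _PROBES]            # scanner in a trusted range
    + [_line("scanner.example.net", p) for p in _PROBES]    # hostname, not an IP
    + [_line("198.51.100.7", "/index.html", 200),
       _line("198.51.100.7", _PROBES[0])]                   # one hit, below threshold
)

if __name__ == "__main__":
    trusted = ["203.0.113.0/24"]
    print("\n".join(ipchains_rules(scanning_clients(SAMPLE_LOG, allow=trusted))))
```

In a live setup the rule set also needs de-duplication across runs and an expiry, since infected hosts get cleaned and dynamic addresses are reassigned.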