Security Incidents mailing list archives
RE: [Whitehat] "Nimda"?
From: Peter Mueller <pmueller () sidestep com>
Date: Tue, 26 Feb 2002 18:30:55 -0800
Tony,
First of all, since these hits are trying to access Windows directories do they pose any threat to my Linux machine? Second of all, is there any way for me to block these types of hits from my server?
#1 - Your Linux boxes are immune. Nimda/Code Red works on IIS only.
#2 - What version of Linux are you running? More specifically, are you using ipchains or iptables? Iptables can be configured to filter out "nimda" packets with a bit of elbow grease, but to my knowledge ipchains cannot.
If anyone can recommend a good book or resource for hardening my Linux server and / or any good IDS, antivirus and other such security tools that would be appreciated as well.
I have found "Securing and Optimizing Linux" (Red Hat biased) is a good starting point. Go to linuxdoc.org and look under the guides section.
IDS - snort
antivirus? ... tripwire (checks binaries to see if they've changed). {{ there aren't too many Linux "viruses", but there are plenty of trojans }}
security tools? - nmap, netcat, nessus.. hmm, how about you just check out this list? http://www.nmap.org/tools.html
cheers, enjoy Linux :)
Peter
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
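Added example, not part of the original post: a small log triage script that counts the IIS-targeted worm requests discussed above per source address, so the noise on a Linux web server can be measured before deciding what to filter. It assumes Apache common log format; the marker list, function names and sample log lines are constructed for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Markers of IIS-targeted worm probes (Nimda / Code Red style requests).
# This list is an assumption for the example, not taken from the post.
MARKERS = ("cmd.exe", "root.exe", "default.ida")

# Apache common log format: client - - [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def normalise(target):
    """Percent-decode repeatedly so double-encoded paths (%255c) are unmasked."""
    for _ in range(3):
        decoded = unquote(target, errors="replace")
        if decoded == target:
            break
        target = decoded
    return target.lower().replace("\\", "/")

def classify(line):
    """Return (client_ip, marker) if the line is a worm probe, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable line: ignore rather than guess
    ip, _method, target, _status = m.groups()
    path = normalise(target)
    for marker in MARKERS:
        if marker in path:
            return ip, marker
    return None

def probes_by_source(lines):
    """Count probe requests per client IP."""
    return Counter(hit[0] for hit in map(classify, lines) if hit)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/2002:18:01:02 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [26/Feb/2002:18:01:03 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '198.51.100.7 - - [26/Feb/2002:18:05:40 -0800] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 270',
    '203.0.113.5 - - [26/Feb/2002:18:06:11 -0800] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for ip, count in probes_by_source(SAMPLE_LOG).most_common():
        print(ip, count)
```

On a Linux server these requests return 404, so the per-source counts show how much of the traffic is worm noise rather than a sign of compromise.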
Current thread:
- RE: [Whitehat] "Nimda"? Peter Mueller (Feb 27)