Snort mailing list archives
Re: Nimda infections..
From: Michael Boman <michael () ayeka dyndns org>
Date: Fri, 21 Sep 2001 07:03:15 +0800
On Friday 21 September 2001 00:03, Franki wrote:
> Well, I now have a Linux/Unix shell script that looks for root.exe, cmd.exe, default.ida and Admin.dll in my server error logs... if it finds them, it adds the asking IP to ipchains deny rules... it also writes the list of offending IPs to a file, and there are now 2900 IPs in that file.. I would love to know an automated way of letting the owners know, but I can't think of any way....
http://freshmeat.net/projects/incident.pl/ - probably needs some minor modifications to serve your purpose.

Best regards
Michael Boman

--
There is no such thing as a system that is secure out of the box. Tim [Timothy M. Mullen, CIO of AnchorIS.Com] claimed earlier this morning that he had found one at WalMart the other day that was secure out of the box, but as it turns out that was a Nintendo.
-- Jesper M Johansson, Ph.D. Assistant Professor of Information Systems at Boston University - during a SANS audio broadcast
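The log scan described in the quoted message, sketched as an added example (it is not Franki's script and not code from this thread). It assumes Apache 1.3-style error_log lines; the sample lines, addresses and function names are constructed, and the ipchains rule is printed rather than executed. Addresses taken from a log are validated before they reach a firewall command.

```shell
#!/bin/sh
# Added example, not the script from the thread. Assumed format: Apache 1.3 error_log.

# Constructed sample log lines (documentation-range addresses, one malformed).
sample_log() {
cat <<'EOF'
[Fri Sep 21 06:58:01 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/root.exe
[Fri Sep 21 06:58:02 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Fri Sep 21 06:58:40 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/default.ida
[Fri Sep 21 06:59:13 2001] [error] [client 203.0.113.5] File does not exist: /var/www/html/favicon.ico
[Fri Sep 21 06:59:30 2001] [error] [client 999.1.1.1] File does not exist: /var/www/html/MSADC/Admin.dll
[Fri Sep 21 06:59:31 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/scripts/Admin.dll
EOF
}

# Read log lines on stdin; print each unique, well-formed client IP that asked for one of the four files.
offending_ips() {
    grep -E '/(root\.exe|cmd\.exe|default\.ida|Admin\.dll)$' |
    sed -n 's/^.*\[client \([0-9.]*\)].*$/\1/p' |
    awk -F. 'NF == 4 {
        ok = 1
        for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) ok = 0
        if (ok && !seen[$0]++) print
    }'
}

# Read IPs on stdin; record new ones in the list file ($1) and print one deny rule each.
deny_rules() {
    while read -r ip; do
        grep -qxF "$ip" "$1" 2>/dev/null && continue   # already blocked on an earlier run
        echo "$ip" >> "$1"
        echo "ipchains -A input -s $ip -j DENY"
    done
}

sample_log | offending_ips
```

Keeping the list file between runs is what stops the same address from being added to the chain repeatedly as the log is rescanned.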