[Snort-users] Nimda infections..

Michael Boman michael at ...3137...
Thu Sep 20 16:04:02 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 21 September 2001 00:03, Franki wrote:
> well, I now have a linux/unix shell script that looks for root.exe,
> cmd.exe, default.ida and Admin.dll in my server error logs...
>
> if it finds them, it adds the asking ip to ipchains deny rules...
>
> it also writes the list of offending IPs to a file, and there are now 2900
> IPs in that file..
>
> I would love to know an automated way of letting the owners know, but I
> can't think of any way....

http://freshmeat.net/projects/incident.pl/ - probably needs some minor
modifications to serve your purpose.

Best regards
 Michael Boman
- -- 
There is no such thing as a system that is secure out of the box.
Tim [Timothy M. Mullen, CIO of AnchorIS.Com] claimed earlier this
morning that he had found one at WalMart the other day that was
secure out of the box, but as it turns out that was a Nintendo.

- -- Jesper M Johansson, Ph.D. Assistant Professor of Information
   Systems at Boston University - during a SANS audio broadcast
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7qnW5jD4u/xp0yJcRAj3kAKCA/PfBzjjaVfy0bLPkPd3ZsW08XQCfQBrF
726uo1cBd791qPad0h4fR/A=
=ls1n
-----END PGP SIGNATURE-----
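
The log-scanning step described in the quoted message, as an added example (not Franki's script and not part of the original post). The error_log format, function names, allowlist addresses and sample lines are assumptions constructed for illustration; the rules are printed for review rather than applied.

```shell
#!/bin/sh
# Added example: constructed names and data, not the script from the post.
PATTERN='root\.exe|cmd\.exe|default\.ida|admin\.dll'  # indicators named in the post
ALLOW='127.0.0.1 192.0.2.10'   # assumed placeholders: addresses never to block

# Constructed sample lines in Apache 1.3 error_log style (assumed format).
sample_log() {
cat <<'EOF'
[Thu Sep 20 15:58:01 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/scripts/root.exe
[Thu Sep 20 15:58:02 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Thu Sep 20 15:59:10 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/default.ida
[Thu Sep 20 15:59:30 2001] [error] [client 198.51.100.23] File does not exist: /var/www/html/favicon.ico
[Thu Sep 20 16:00:05 2001] [error] [client 999.1.1.1] File does not exist: /var/www/html/scripts/root.exe
[Thu Sep 20 16:01:44 2001] [error] [client 203.0.113.45] File does not exist: /var/www/html/scripts/Admin.dll
EOF
}

# offenders: log on stdin -> unique, validated, non-allowlisted source IPs.
offenders() {
    grep -Ei "$PATTERN" |
    # Anchor on the line prefix so only the field Apache wrote is extracted,
    # never text that merely appears later in the logged path.
    sed -n 's/^\[[^]]*] \[error] \[client \([0-9.]*\)] .*/\1/p' |
    awk -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        {
            # Accept only well-formed dotted quads before they reach a rule.
            if (split($0, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            if (!($0 in skip) && !seen[$0]++) print
        }'
}

# block_rules: address list on stdin -> ipchains deny commands, printed only.
block_rules() {
    while read -r ip; do
        printf 'ipchains -A input -s %s -j DENY\n' "$ip"
    done
}

# Dry run over the constructed sample: review the output before applying it.
sample_log | offenders | block_rules
```

The allowlist and the dotted-quad check keep a crafted or malformed log entry from locking out your own hosts or placing arbitrary text in a firewall command.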



