[Snort-users] Nimda infections..
michael at ...3137...
Thu Sep 20 16:04:02 EDT 2001
On Friday 21 September 2001 00:03, Franki wrote:
> well, I now have a linux/unix shell script that looks for root.exe,
> cmd.exe, default.ida and Admin.dll in my server error logs...
> if it finds them, it adds the asking ip to ipchains deny rules...
> it also writes the list of offending IPs to a file, and there are now 2900
> IPs in that file.
> I would love to know an automated way of letting the owners know, but I
> can't think of any way....
http://freshmeat.net/projects/incident.pl/ - probably needs some minor
modifications to serve your purpose.
There is no such thing as a system that is secure out of the box.
Tim [Timothy M. Mullen, CIO of AnchorIS.Com] claimed earlier this
morning that he had found one at WalMart the other day that was
secure out of the box, but as it turns out that was a Nintendo.
-- Jesper M Johansson, Ph.D. Assistant Professor of Information
Systems at Boston University - during a SANS audio broadcast
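The log scan and block step described in the quoted message, as an added example that is not part of either poster's message and is not Franki's actual script. It assumes Apache 1.3-style error_log lines; the function names and the sample log lines are constructed for illustration, and the ipchains rule is printed rather than applied.

```shell
#!/bin/sh
# Added example (not the script from the post). Assumes Apache 1.3-style
# error_log lines. Probe filenames are the four named in the post.
PATTERN='root\.exe|cmd\.exe|default\.ida|Admin\.dll'

# Constructed sample log; all addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
[Thu Sep 20 15:58:11 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/root.exe
[Thu Sep 20 15:58:12 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/MSADC/root.exe
[Thu Sep 20 15:59:40 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/default.ida
[Thu Sep 20 16:01:03 2001] [error] [client 203.0.113.5] File does not exist: /var/www/html/favicon.ico
[Thu Sep 20 16:02:30 2001] [error] [client 198.51.100.99] File does not exist: /var/www/html/scripts/Admin.dll [client 203.0.113.5] x
EOF
}

# Print the unique client addresses whose logged request matched PATTERN.
# The sed expression is anchored at the start of the line, so the address
# comes only from the server-written [client ...] field, never from text in
# the requested path, and only digits and dots can reach the firewall rule.
offending_ips() {
    grep -E "$PATTERN" "$1" |
    sed -n 's/^\[[^]]*] \[error] \[client \([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\)] .*/\1/p' |
    LC_ALL=C sort -u
}

# Record addresses not already in the list file and print (dry run) the
# ipchains deny rule for each; rerunning over the same log adds nothing.
block_new() {
    log=$1; list=$2
    touch "$list"
    offending_ips "$log" | grep -Fxv -f "$list" | while read -r ip; do
        echo "$ip" >> "$list"
        echo "ipchains -A input -s $ip -j DENY"
    done
}

# Demo on the constructed log: prints three deny rules.
demo_dir=$(mktemp -d)
sample_log > "$demo_dir/error_log"
block_new "$demo_dir/error_log" "$demo_dir/blocked.txt"
rm -rf "$demo_dir"
```

The last sample line has a second `[client ...]` string inside the requested path; the anchored match still reports the connecting address, so an unrelated host is not added to the deny list.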