SLUG Mailing List Archives - Re: [SLUG] Nimda

To: ccgaddes@xxxxxxxxxxxxxxxx, slug@xxxxxxxxxxx
Subject: Re: [SLUG] Nimda
From: Graeme Robinson <graemer@xxxxxxxxxxx>
Date: Thu Sep 20 11:27:02 2001

To: E-smith developers list <devinfo@xxxxxxxxxxxxxxxxx>
From: Mike Sensney <msensney@xxxxxxx>
Subject: Re: [e-smith-devinfo] FYI - new worm appears to be hitting
Microsoft IIS servers
X-Fetchmail-Warning: recipient address devinfo@xxxxxxxxxxxxxxxxx didn'tmatch any local name
21:33:12 - I've now been hit 4790 times now from 149 different servers.

I'm now running this rough little script which gives the above output.
It loops about every 10 minutes.
<script>
while : ; do
cat /var/log/httpd/access_log |grep 'c+dir' >tempfile
TIME=`date | cut -f 4 -d " "`
ATTACKS=`wc -l <tempfile | tr -d ' '`
SERVERS=`cat tempfile | grep 'c+dir' | cut -f 2 -d " " | sort | uniq | wc-l | tr -d ' '`
rm -rf tempfile
echo "$TIME - I've now been hit $ATTACKS times now from $SERVERS differentservers."
sleep 600
done
</script>




At 11:04 AM 20/09/2001 +1000, ccgaddes wrote:

I guys I was just woundering how I would go about setting up a filter \ rule
to view how many times my box is hit with the Nimda virus ...any ideas would
be cool as I am new to the linux world..thanks

--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

References:
- [SLUG] Nimda
  - From: ccgaddes

Messages sorted by: [ date | thread ]
Prev by Date: RE: [SLUG] Nimda
Next by Date: Re: [SLUG] www.thiefware.com
Previous by thread: [SLUG] Nimda
Next by thread: Re: [SLUG] Nimda