httpd-users mailing list archives

From "Dave Stahr" <da...@prairiesys.com>
Subject RE: [users@httpd] CodeRed and Slapper ?
Date Tue, 08 Oct 2002 14:06:01 GMT
> I want to develop an attack pattern Log Viewer, to see what remote 
> hosts are infected with the OpenSSL slapper and those that *are* 
> *still* infected with CodeRed (hey, get a grip ya know?)

I've got a similar one that is just a bit more beefy and takes less
overhead to run than a one-time blast.  

Basically it does the same thing as yours, but instead of just opening
the file, it does a "tail -f" on it, then watches it for all sorts of
things, including virus/worm alerts.  It runs as root, and has the
ability to issue iptables commands to automatically shut down access to
a particular IP if it sees more connections than whatever limit I
specify.

The downside of it is that it has to be running all the time.  It will
reinitiate the tail process if someone kills it off or the apache log is
truncated/moved, but still does hog up two little processes 24/7.

Let me know off-list if you're interested: info@edgerack.com  (I will no
longer have access to the address I'm posting from now in about a week.)



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
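The kind of log watcher described in the message above, sketched as an added example; it is not part of the original post and is not the poster's tool. It covers only the classification and per-IP limit steps (lines would be fed from a `tail -f` of the access log). Assumptions: Common Log Format, the hypothetical names `classify` and `scan`, and a Slapper heuristic (a bare `GET / HTTP/1.1` answered with 400) that other scanners can also trigger.

```python
import ipaddress
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

def classify(request, status):
    """Return a worm label for one request, or None."""
    if request.startswith("GET /default.ida?"):
        return "codered"         # Code Red's request to the IIS Index Server
    if request == "GET / HTTP/1.1" and status == 400:
        return "slapper-probe?"  # heuristic: HTTP/1.1 request without a Host header
    return None

def scan(lines, limit):
    """Return (alerts, block_cmds) for an iterable of access-log lines."""
    hits, alerts = Counter(), []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue             # truncated or malformed line
        host, request, status = m.group(1), m.group(2), int(m.group(3))
        try:
            ip = str(ipaddress.IPv4Address(host))
        except ValueError:
            continue             # hostname or junk: never hand it to a root command
        hits[ip] += 1
        label = classify(request, status)
        if label:
            alerts.append((ip, label))
    # Build argv lists (no shell) for sources over the limit; nothing is executed here.
    cmds = [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]
            for ip, n in sorted(hits.items()) if n > limit]
    return alerts, cmds

# Constructed sample lines using documentation address ranges, not real traffic.
T = "[08/Oct/2002:14:00:01 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {T} "GET /default.ida?NNNNNNNN HTTP/1.0" 404 283',
    f'198.51.100.7 - - {T} "GET / HTTP/1.1" 400 385',
    f'host.example.net - - {T} "GET / HTTP/1.0" 200 100',
    "garbage line",
] + [f'203.0.113.5 - - {T} "GET /index.html HTTP/1.0" 200 1024'] * 4

if __name__ == "__main__":
    print(scan(SAMPLE, limit=3))
```

Because the watcher runs as root, the address taken from the log is validated before it is placed in a command, and the command is built as an argument list rather than a shell string.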

