httpd-users mailing list archives

From jaqui <ja...@shaw.ca>
Subject Re: [users@httpd] CodeRed and Slapper off list
Date Tue, 08 Oct 2002 16:00:27 GMT
Actually, I am interested in the script myself.
There are a significant number of servers hitting me that are infected.

Jaqui

Dave Stahr wrote:
>>I want to develop an attack pattern Log Viewer, to see what remote 
>>hosts are infected with the OpenSSL slapper and those that *are* 
>>*still* infected with CodeRed (hey, get a grip ya know?)
>>
> 
> I've got a similar one that is just a bit more beefy and takes less
> overhead to run than a one-time blast.  
> 
> Basically it does the same thing as yours, but instead of just opening
> the file, it does a "tail -f" on it, then watches it for all sorts of
> things, including virus/worm alerts.  It runs as root, and has the
> ability to issue iptables commands to automatically shut down access to
> a particular IP if it sees more connections than whatever limit I
> specify.
> 
> The down-side of it, it has to be running all the time.  It will
> reinitiate the tail process if someone kills it off or the apache log is
> truncated/moved, but still does hog up two little processes 24/7.
> 
> Let me know off-list if you're interested: info@edgerack.com  (I will no
> longer have access to the address I'm posting from now in about a week.)





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
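
A sketch of the log watcher described in the quoted message, as an added example (it is not Dave Stahr's script, and every function name in it is hypothetical): it labels CodeRed requests in Common Log Format lines, counts requests per host against a limit, and builds the iptables rule without running it. Treating a bare HTTP/1.1 "GET /" answered with 400 as a Slapper probe is an assumed heuristic, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')
CODERED = re.compile(r'GET /default\.ida\?[NX]{16,}')

def classify(request, status):
    """Return a worm label for one logged request, or None."""
    if CODERED.match(request):
        return "codered"
    # Assumed heuristic: a bare HTTP/1.1 "GET /" answered with 400
    # (no Host header) is counted as a possible Slapper version probe.
    if request == "GET / HTTP/1.1" and status == "400":
        return "slapper-probe"
    return None

def scan(lines, limit):
    """Return ({ip: labels}, sorted IPs with more than `limit` requests)."""
    hits, labels = Counter(), {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not Common Log Format
        ip, request, status = m.groups()
        hits[ip] += 1
        label = classify(request, status)
        if label:
            labels.setdefault(ip, set()).add(label)
    return labels, sorted(ip for ip, n in hits.items() if n > limit)

def block_rule(host):
    """Build (not run) an iptables argv; raises ValueError unless host is IPv4."""
    ip = ipaddress.IPv4Address(host)  # log fields are untrusted input
    return ["iptables", "-I", "INPUT", "-s", str(ip), "-j", "DROP"]

# Constructed sample lines (documentation address ranges, shortened payload).
TS = "[08/Oct/2002:09:00:00 -0700]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /default.ida?{"N" * 32}%u9090 HTTP/1.0" 404 276',
    f'198.51.100.7 - - {TS} "GET / HTTP/1.1" 400 385',
] + [f'203.0.113.5 - - {TS} "GET /index.html HTTP/1.0" 200 1024'] * 4

if __name__ == "__main__":
    found, noisy = scan(SAMPLE, limit=3)
    print(found, [block_rule(ip) for ip in noisy])
```

The rule is returned as an argument list so that a watcher running as root never passes a logged host field through a shell.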

