RE: iptables anti-nimda anyone?
From: Chris Freeze (CFreeze@COMCEPTINC.COM)Date: 09/21/01
- Previous message: Evan Borgstrom: "Re: iptables anti-nimda anyone?"
- In reply to: Konrad Michels: "iptables anti-nimda anyone?"
- Next in thread: teo@gecadsoftware.com: "Re: iptables anti-nimda anyone?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Chris Freeze <CFreeze@COMCEPTINC.COM> To: Konrad Michels <konrad@overnetdata.com> Message-ID: <XFMail.20010921090048.cfreeze@comceptinc.com> Date: Fri, 21 Sep 2001 09:00:48 -0500 (CDT) Subject: RE: iptables anti-nimda anyone?
On 19-Sep-2001 Konrad Michels wrote:
> Hi everyone
> I don't suppose one of our iptables gurus out there has an iptables rule
> to filter out this damn nimda thing? I'm really annoyed about it
> filling up my apache logz and would love to drop the packets 'ere they
> get to the apache server . . .
Here's a simple little script from Mario Kerecki <marker@radiomoi.com>
#!/bin/sh
#
# Block sites which originate Nimba queries from Apache server
# Apache must be configured with HostnameLookups Off
LOGS=/http_php3/logs
cd $LOGS
grep '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]* ' * 2>/dev/null |
awk '/system32\/cmd\.exe/ {sub(/[^:]*:/,"");print $1}' |
sort -u |
while read host
do
if ! fgrep $host /var/tmp/blocked >/dev/null
then
echo $host >>/var/tmp/blocked
/sbin/iptables -I INPUT -s $host -l -j DROP
fi
done
-- Regards,Chris
----- Chris Freeze Email: cfreeze@comceptinc.com Software Engineer Comcept, Inc Phone: (972) 772-6804 (Ext 5038) http://www.cfreeze.com -----
- Previous message: Evan Borgstrom: "Re: iptables anti-nimda anyone?"
- In reply to: Konrad Michels: "iptables anti-nimda anyone?"
- Next in thread: teo@gecadsoftware.com: "Re: iptables anti-nimda anyone?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
