RE: [Whitehat] "Nimda"?
From: Peter Mueller (pmueller@sidestep.com)
Date: 02/27/02
From: Peter Mueller <pmueller@sidestep.com>
To: "'Bradley, Tony'" <tony.bradley@eds.com>, "'incidents@securityfocus.com'" <incidents@securityfocus.com>
Date: Tue, 26 Feb 2002 18:30:55 -0800
Tony,
> First of all, since these hits are trying to access Windows directories do
> they pose any threat to my Linux machine? Second of all, is there any way
> for me to block these types of hits from my server?
#1 - Your Linux boxes are immune. Nimda/Code Red works on IIS only.
#2 - What version of Linux are you running? More specifically, are you
using ipchains or iptables? Iptables can be configured to filter out
"nimda" packets with a bit of elbow grease, but to my knowledge ipchains
cannot.
> If anyone can recommend a good book or resource for hardening my Linux
> server and / or any good IDS, antivirus and other such security tools that
> would be appreciated as well.
I have found "Securing and Optimizing Linux" (Red Hat biased) is a good
starting point. Go to linuxdoc.org and look under the guides section.
IDS - snort
antivirus? ... tripwire (checks binaries to see if they've changed). {{
there aren't too many Linux "viruses", but there are plenty of trojans }}
security tools? - nmap, netcat, nessus.. hmm, how about you just check out this
list? http://www.nmap.org/tools.html
cheers, enjoy linux :)
Peter
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
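
Added example, not part of the original message or of any project it mentions: one way to find the sources of Nimda/Code Red style hits in a web server access log and print per-source iptables DROP rules for review. The log lines, the documentation-range IPs, the `PROBE_RE` pattern and the function names are constructed for illustration, and an Apache-style log format is assumed.

```bash
#!/usr/bin/env bash
# Constructed sample access log (documentation IP ranges, not real traffic).
SAMPLE_LOG='192.0.2.10 - - [26/Feb/2002:18:01:02 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [26/Feb/2002:18:01:03 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
198.51.100.7 - - [26/Feb/2002:18:02:10 -0800] "GET /index.html HTTP/1.1" 200 1043
203.0.113.5 - - [26/Feb/2002:18:03:44 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
203.0.113.5 - - [26/Feb/2002:18:03:45 -0800] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 270
198.51.100.7 - - [26/Feb/2002:18:04:00 -0800] "GET /docs/cmd.exe.html HTTP/1.1" 200 512'

# Request lines typical of Nimda (cmd.exe / root.exe invoked with a query
# string) and Code Red (default.ida). Requiring the "?" keeps an ordinary
# page such as /docs/cmd.exe.html from matching, which a bare packet-level
# string match on "cmd.exe" (iptables -m string) would not do.
PROBE_RE='"(GET|HEAD) [^" ]*/((cmd|root)\.exe|default\.ida)\?'

# Read a log on stdin; print "IP COUNT" for every source that sent a probe.
probe_sources() {
    grep -E "$PROBE_RE" \
        | awk '{ n[$1]++ } END { for (ip in n) print ip, n[ip] }' \
        | LC_ALL=C sort
}

# Read a log on stdin; print (never execute) one DROP rule per probing source
# so the list can be reviewed before it is loaded as root.
drop_rules() {
    probe_sources | while read -r ip count; do
        printf 'iptables -A INPUT -s %s -p tcp --dport 80 -j DROP  # %s probes\n' \
            "$ip" "$count"
    done
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | drop_rules
```

To use it on a real server, feed the access log to `drop_rules` on stdin instead of `SAMPLE_LOG`.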