Re: Blocking worms through Firewalls and/or Apache

From: Trtmn (mik@trtmn.org)
Date: 12/21/01


From: mik@trtmn.org (Trtmn)
Date: 20 Dec 2001 21:59:58 -0600

mike@kamloopsbc.com (Mike) graced us with the following:

>The other alternative, can anyone suggest the easiest way to automate
>the process of looking up the tech contact email address for the IPs
>that attack us so that I can automatically email the network admins?
>I don't mind writing the script, but I'm not sure what would be the
>best way to get the tech contact's email address.

Try googling the question in comp.os.linux.security. When Code Red was in
its first week of terror, several people posted scripts that 1) halted the
offending machines or 2) emailed the "admins". I'm sure you can find a
Perl script for #2.

Or spend a few minutes with awk and whois in a bash script.

GL

PS - My figures are pretty similar to yours. In the last three months, my
personal server has had 354,000 scripties hit it in one form of attack or
another. I snort and move on....

-- 
______________________________
Mike Troutman
	http://www.troutman.org
	http://www.zen-data.com
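
The awk-plus-whois approach suggested above, as an added example that is not part of the original post: it counts worm-style requests per source IP in an Apache access log and picks the best contact address (abuse, then tech, then any e-mail field) from whois text. The log lines, the whois reply and the function names are constructed for illustration; the request patterns are the well-known Code Red and Nimda probe paths.

```bash
# Added example; all sample data below is constructed (documentation IP ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [20/Dec/2001:21:40:01 -0600] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [20/Dec/2001:21:41:13 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
192.0.2.10 - - [20/Dec/2001:21:42:55 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
203.0.113.5 - - [20/Dec/2001:21:43:02 -0600] "GET /index.html HTTP/1.0" 200 1043
EOF
}

sample_whois() {   # constructed ARIN-style whois reply
cat <<'EOF'
NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example Networks
OrgTechEmail:   noc@example.net
OrgAbuseEmail:  Abuse@example.net
Comment:        questions to info@example.net
EOF
}

# stdin: access log. stdout: "<hits> <ip>", busiest first ($7 is the request path).
worm_ips() {
  awk '$7 ~ /default\.ida|root\.exe|cmd\.exe/ { hits[$1]++ }
       END { for (ip in hits) print hits[ip], ip }' | sort -rn
}

# stdin: whois text. stdout: best-ranked contact(s): abuse, then tech, then e-mail.
whois_contacts() {
  awk '{
      key = tolower($0); sub(/:.*/, "", key)   # field name, or whole line if no colon
      if (key ~ /abuse/) rank = 1
      else if (key ~ /tech/) rank = 2
      else if (key ~ /e-?mail/) rank = 3
      else next                                # ignore addresses in free-text fields
      if (match($0, /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+/)) {
        addr = tolower(substr($0, RSTART, RLENGTH))
        if (!(addr in seen) || rank < seen[addr]) seen[addr] = rank
      }
    }
    END { for (a in seen) print seen[a], a }' |
  sort -n | awk 'NR == 1 { best = $1 } $1 == best { print $2 }'
}

# Demo on the samples; for live use replace sample_whois with: whois "$ip"
sample_log | worm_ips | while read -r hits ip; do
  echo "$ip ($hits hits): $(sample_whois | whois_contacts | tr '\n' ' ')"
done
```

Registries rate-limit whois queries, so cache the result per address instead of querying once per log line.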


