RE: Nimda Worm Mitigation

From: Jason Lewis (jlewisat_private)
Date: Tue Sep 18 2001 - 19:52:33 PDT

    Anyone doing anything different?
    
    How about something that tails an Apache log file and adds ipchains rules to
    kill infected IPs? Anyone want to write it?
    
    -----Original Message-----
    From: John Davidson [mailto:jwd_odsat_private]
    Sent: Tuesday, September 18, 2001 7:56 PM
    To: incidentsat_private
    Subject: Nimda Worm Mitigation
    
    
    I have been able to reduce the effect of the Nimda worm by implementing Host
    Headers. Now every Nimda-originated request gets a 404; before, some were
    sent a 404 but others an error 500.
    
    This works because the worm scans based on IP only.
    
    It's not much of a help, but the logs are now under control. Scans are about
    10 times that of CodeRed.C so far.
    
    John Davidson
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
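One way to build the log-tailing blocker suggested at the top of the thread, as an added example that is not code from either poster: it parses Apache access-log lines, flags hosts whose requests carry Nimda's well-known IIS probe paths (root.exe / cmd.exe, an assumption taken from the published worm signatures rather than from this thread), and emits ipchains DENY rules for review instead of executing them. The log lines and client addresses are constructed samples.

```python
import re
import time

# Apache common/combined log format: client, ident, user, [time], "request", status, bytes.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

# Request-path fragments used by Nimda's IIS probes (assumption: drawn from the
# published worm signatures; one such request is enough to treat the host as infected).
NIMDA_MARKERS = ("root.exe", "cmd.exe")

# Constructed sample log lines; client addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2001:19:40:01 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 281
192.0.2.10 - - [18/Sep/2001:19:40:02 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 281
198.51.100.7 - - [18/Sep/2001:19:41:15 -0700] "GET /index.html HTTP/1.1" 200 1532
203.0.113.44 - - [18/Sep/2001:19:42:08 -0700] "GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 281
"""

def is_nimda_probe(line):
    """Return the client IP if the log line is a Nimda-style probe, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a parsable access-log line
    path = m.group("path").lower()
    return m.group("ip") if any(marker in path for marker in NIMDA_MARKERS) else None

def infected_hosts(lines):
    """Unique probing IPs in first-seen order."""
    seen = []
    for line in lines:
        ip = is_nimda_probe(line)
        if ip and ip not in seen:
            seen.append(ip)
    return seen

def ipchains_rule(ip):
    """Input-chain DENY rule for one host, in ipchains syntax as the poster suggested."""
    return "ipchains -A input -s %s -j DENY" % ip

def follow(path, poll=1.0):
    """Yield lines appended to the log file, like `tail -f` (only new requests are acted on)."""
    with open(path) as fh:
        fh.seek(0, 2)
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(poll)

if __name__ == "__main__":
    # Dry run over the constructed sample: print the rules rather than running them,
    # so the block list can be reviewed before anything touches the firewall.
    for ip in infected_hosts(SAMPLE_LOG.splitlines()):
        print(ipchains_rule(ip))
    # Live use (not run here): for line in follow("/var/log/apache/access_log"): ...
```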
    
    



    This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 22:04:44 PDT