Tony, > First of all, since these hits are trying to access Windows > directories do > they pose any threat to my Linux machine? Second of all, is > there any way > for me to block these types of hits from my server? #1 - Your linux boxes are immune. Nimda/code red works on IIS only. #2 - what version of linux are you running? More specifically, are you using ipchains or iptables? Iptables can be configured to filter out "nimda" packets with a bit of elbow grease, but to my knowledge ipchains cannot. > If anyone can recommend a good book or resource for hardening my Linux > server and / or any good IDS, antivirus and other such > security tools that > would be appreciated as well. I have found "securing and optimizing linux" (redhat biased) is a good starting point. Go to linuxdoc.org and look under the guides section. IDS - snort antivirus? ... tripwire (checks binaries to see if they've changed). {{ there aren't too many linux "viruses", but there are plenty of trojans }} security tools? - nmap, netcat, nessus.. hmm about you just check out this list? http://www.nmap.org/tools.html cheers, enjoy linux :) Peter ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 08:57:21 PST