EarlyBird for Other Attacks?

From: gs-list (gs-listat_private)
Date: Fri Jun 28 2002 - 12:26:30 PDT


    Mr. Dyson's Early Bird tool has been a godsend to my web servers - Kudos to 
    him for Early Bird!
    
    Has anybody else developed countermeasure tools to combat the other 
    vulnerability-seeking worms that are out there?
    For example, I have been seeing between 25 and 50 hits, per server, per day 
    on port 1433.  I'd like to start using some countermeasures against these 
    attempts/attacks.  Perhaps not malicious countermeasures, but ones that 
    would do an ARIN/RIPE WHOIS lookup and notify the administrator of the IP 
    Netblock of the attack.
    
    Again, I reiterate the point -- Early Bird has been a godsend.  I have 
    received a range of responses to Early Bird notifications, including many 
    thank-you messages from sysadmins.  It would be nice to combat the other 
    problematic stuff out there.
    
    Thanks,
    Gregg Sperling
    sysadmin glsrms.com
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
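
An added example, not part of the original message and not Early Bird's code: one way to implement the workflow asked about above, counting port 1433 probes per source, reading the netblock and abuse contact from a WHOIS reply, and grouping the hits per contact so one notice goes to each administrator. The log format, the WHOIS replies (modelled on ARIN- and RIPE-style field names), the addresses and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed firewall log lines (format is an assumption, not from the post).
SAMPLE_LOG = """\
2002-06-28 12:01:07 DROP TCP 192.0.2.45:3312 -> 203.0.113.10:1433
2002-06-28 12:01:09 DROP TCP 192.0.2.45:3313 -> 203.0.113.10:1433
2002-06-28 12:04:41 DROP TCP 198.51.100.7:1041 -> 203.0.113.10:1433
2002-06-28 12:05:02 DROP TCP 192.0.2.99:4410 -> 203.0.113.10:80
2002-06-28 12:09:30 DROP TCP 10.1.2.3:2200 -> 203.0.113.10:1433
"""
# Constructed WHOIS replies; a live tool would fetch these from the registry.
SAMPLE_WHOIS = {
    "192.0.2.45": "# ARIN-style\nNetRange: 192.0.2.0 - 192.0.2.255\n"
                  "OrgAbuseEmail: abuse@isp-a.example\n",
    "198.51.100.7": "% RIPE-style\ninetnum: 198.51.100.0 - 198.51.100.255\n"
                    "abuse-mailbox: abuse@isp-b.example\n",
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(r"TCP ([\d.]+):\d+ -> [\d.]+:(\d+)$")

def count_hits(log_text, port=1433):
    """Count probes per source IP against one destination port."""
    found = (LINE.search(l.strip()) for l in log_text.splitlines())
    return Counter(m.group(1) for m in found if m and int(m.group(2)) == port)

def parse_whois(text):
    """Pull the netblock and abuse contact out of an ARIN- or RIPE-style reply."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith(("#", "%")):  # skip registry comments
            fields[key.strip().lower()] = value.strip()
    netblock = fields.get("netrange") or fields.get("inetnum")
    contact = fields.get("orgabuseemail") or fields.get("abuse-mailbox")
    return netblock, contact

def build_notices(log_text, whois_by_ip, port=1433):
    """Group hits by abuse contact; skip sources nobody can be notified about."""
    notices = {}
    for ip, n in count_hits(log_text, port).items():
        if any(ipaddress.ip_address(ip) in net for net in RFC1918):
            continue  # private source: spoofed or internal, no WHOIS owner
        netblock, contact = parse_whois(whois_by_ip.get(ip, ""))
        if contact:
            entry = notices.setdefault(contact, {"netblock": netblock, "sources": {}})
            entry["sources"][ip] = n
    return notices
```
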
    



    This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 13:19:50 PDT