We are also using string matching to block code red in our campus webcache. On Fri, 10 Aug 2001, Tina Bird wrote: > > Things to look for in your Web server logs: > > 'default' may return too much. I usually use it with 'default.ida' and > 'default.idq'. > > default > ida > idq > root\.exe > cmd\.exe > code red > codered > eeye > worm > overflow > whitehouse\.gov > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: loganalysis-unsubscribeat_private > For additional commands, e-mail: loganalysis-helpat_private > ------------------------------------------------------------------------------ ** Andy Johnston (andyat_private) * pager: 410-678-8949 ** ** Distributed Systems Manager * PGP key:(afj2000) 1024/F67035E1 ** ** Office of Information Technology, UMBC * 5D 44 1E 2E A6 7C 91 7A ** ** 410-455-2583 (v)/410-455-1065 (f) * C4 66 5F D5 BA B9 F6 58 ** ------------------------------------------------------------------------------ --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 15:47:56 PDT