[plug] Anyone seen this particular attack pattern before?

Craig czilko at southwest.com.au
Fri Jan 18 02:10:04 WST 2002


On Thursday 17 January 2002 11:17 am, Alan Graham wrote:
> Apologies, I should have done more research.  It's NIMDA.
>
> Anyone have an answer to NIMDA?  Or is it just something we have to put up
> with until it dies out?  I'm getting a few hundred hits a day.
>

Try mod_antihak ..... sorry I cant remember the URL (Google search will find) 
but a friend set it up here and it grabs the IP of the offending MS server 
from the apache logs and sticks it in the IPtables policies to block .....  
at least until the firewall rules are flushed. Crude but effective.

Cheers,
	Craig.

Mandrake Linux 8.1
Kernel version: 2.4.8-34.1mdk
Current Linux uptime: 5 hours 19 minutes.



More information about the plug mailing list