On 2001.07.20, Jeff Huber <[EMAIL PROTECTED]> wrote: > does anyone have ideas how i could setup a development enviorment to figure > out a work-around for this issue? i need a way to generate the http request > the worm uses to propogate. get another box on your network to run a packet sniffer, like tcpdump or netxray. then, just start capturing all packets to disk. when the traffic you're waiting for comes across, go look at your logs around that time. do this all the time to look for strange activity (poor man's IDS) and troubleshoot problems that leave no logs. -- dossy -- Dossy Shiobara mail: [EMAIL PROTECTED] Panoptic Computer Network web: http://www.panoptic.com/
