On Thu, 19 Jul 2001 15:42:26 -0700 (PDT), shimi wrote:
>>
>>cat /var/log/httpd/access | grep .ida | wc -l
A note on this:
I output the lines from the access file to a text file so I could
read them. Shimi's command above allows grep to include anything with
"Guidant IE5" in it - which I found were real requests for pages.
The attempted attack comes in the form of (in my logs, anyway):
default.ida?NNNNNNNNNNNNNNN <insert a hundred more N's here and
another huge long string of gibberish>.
So I changed Shimi's grep to:
cat /var/log/httpd/access | grep .ida? | wc -l
And it cut down the number to the true attempts - 247.
Still... sheesh.
If you want to pipe it to a file, run:
cat /var/log/httpd/access | grep .ida? > worm.txt
and then read worm.txt to see what's going on.
--
Carrie Bartkowiak, [EMAIL PROTECTED] on 07/19/2001
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
