Hi,

For those of you that are interested in seeing just how many scans 
you are getting from the Nimda worm, try running this script as root:

-- start of script --

#!/bin/sh
# glen scott/design solution 2001 <[EMAIL PROTECTED]>

echo "Nimda worm scanner..."

#count individual scans:
INDIVIDUAL_SCANS=`cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' | wc -l`

#show source ip:
#cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' | cut -d ' ' -f2 | sort | uniq

#count unique source ips:
UNIQUE=`cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' | cut -d ' ' -f2 | sort | uniq | wc -l`

echo "We have received $INDIVIDUAL_SCANS scans from $UNIQUE different IP addresses"

-- end of script --

Uncomment the line below '# show source ip' to get a list of every 
unique source IP address.

Have fun,

Glen Scott

-- 
---
   Design Solution Limited
   t: +44 (0)1502 513008
   f: +44 (0)1502 588622
   e: [EMAIL PROTECTED]
   w: http://www.designsolution.co.uk
   Nouvotech House, Harbour Road,
   Oulton Broad, Suffolk, NR32 3LZ, UK
---
DS Knowledge Base http://faq.dessol.co.uk
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
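
An added example, not part of the original post: a single-pass variant that also reports how many probes each source sent, run here on constructed sample log lines. The function names, the sample data and the assumption that the client IP is the second space-separated field (as the post's `cut -f2` implies; pass 1 for Common Log Format) are illustrative.

```sh
#!/bin/sh
# Added example, not the original author's script.
# PATTERN is the request string the post greps for.
PATTERN='/scripts/root.exe?/c+dir'

# sample_log: constructed log lines (documentation IP ranges), vhost-first
# layout assumed from the post's use of field 2 for the source address.
sample_log() {
    cat <<'EOF'
www.example.com 192.0.2.10 - - [18/Sep/2001:14:02:11 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 283
www.example.com 198.51.100.7 - - [18/Sep/2001:14:02:40 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 283
www.example.com 192.0.2.55 - - [18/Sep/2001:14:03:02 +0100] "GET /index.html HTTP/1.0" 200 1024
www.example.com 192.0.2.10 - - [18/Sep/2001:14:05:19 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 283
EOF
}

# nimda_tally LOGFILE [FIELD]
# Prints "<hits> <source>" per source address, busiest first.
# FIELD is the column holding the client IP (default 2).
nimda_tally() {
    log=$1
    field=${2:-2}
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 1; }
    # -F matches the pattern as a fixed string, so '.', '?' and '+'
    # are never interpreted as regex metacharacters.
    grep -F -- "$PATTERN" "$log" |
        awk -v f="$field" '{ hits[$f]++ }
            END { for (ip in hits) print hits[ip], ip }' |
        sort -k1,1nr -k2,2
}

# nimda_summary LOGFILE [FIELD]
# Prints "<total scans> <unique sources>", the two numbers the post reports.
nimda_summary() {
    nimda_tally "$@" | awk '{ t += $1; u++ } END { print t + 0, u + 0 }'
}

# Demo on the constructed sample; point the functions at
# /var/log/httpd/access (the path from the post) for real data.
tmp=$(mktemp) && sample_log > "$tmp" && nimda_tally "$tmp" && nimda_summary "$tmp"
rm -f "$tmp"
```

If the unique count comes back as 1 on a busy log, FIELD is probably pointing at the virtual host column rather than the client address.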
