Hey ccgaddes,
If you're running a firewall (you are running a firewall, right?) try:
cat /var/log/firewall | grep ':80 L=' | wc -l
This will count all hits fired at port 80, the target of nimda's attack.
This is also assuming your firewall is protecting all the lower ports. If
you need more help with setting up a ruleset for the firewall, visit
http://members.optushome.com.au/pengu who has a krad rc.firewall script
that's specifically for the athome service.
I've put up all my logs from Optus@Home users hit with nimda on my website
at http://members.optushome.com.au/barrypark/scans.txt. More than 1700 at
last count this morning.
- Barry
-----Original Message-----
From: ccgaddes [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 12:04 PM
To: [EMAIL PROTECTED]
Subject: [SLUG] Nimda
I guys I was just woundering how I would go about setting up a filter \ rule
to view how many times my box is hit with the Nimda virus ...any ideas would
be cool as I am new to the linux world..thanks
*********************************************************************************
This email and any files transmitted with it may be legally privileged
and confidential. If you are not the intended recipient of this email,
you must not disclose or use the information contained in it. If you
have received this email in error, please notify us by return email and
permanently delete the document.
*********************************************************************************
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
