codered/nimda blocking
Ron Peterson
ron.peterson at yellowbank.com
Wed Nov 7 10:39:19 EST 2001
On Tue, 6 Nov 2001, Peter R. Wood wrote:
> Your suggestion of a log-watching daemon interacting with a firewall
> sounds interesting. It's something we'll have to put on the development
> back-burner for now, though, since we're entering the holiday rush season
> and can't afford to be tinkering with changes to our live site
> architecture.
You can find a couple of scripts at
http://screaming-penguin.com/info/codeRedKiller.html designed to stop code
red by adding discovered infected hosts to ipchains. It uses PHP for the
(insecure) apache monitoring side, and a bash script (run as root) to
update ipchains.
Basically a specific implementation of the general idea proposed by David
Kramer.
Don't know if this helps, but FWIW...
--
-Ron-
https://www.yellowbank.com/
More information about the Discuss
mailing list