[linux-help] Re: new Nimda worm help.
Ok, I don't have much (read: any) experience w/ ipchains... is it
basically the Linux equiv of ipfw for FreeBSD (or vice versa)? If so,
then this should do about the same thing in FreeBSD (assuming you want
to be really anal and completely block sites from having any access to
your network whatsoever!):
> #!/bin/sh
> #
> # Block sites which originate Nimda queries from Apache server
> # Apache must be configured with HostnameLookups Off
>
> LOGS=/var/log/httpd
>
> cd "$LOGS" || exit 1
>
> # /dev/null forces the "file:" prefix that the awk sub() strips,
> # even when the directory holds a single log file
> grep '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]* ' * /dev/null 2>/dev/null |
> awk '/system32\/cmd\.exe/ {sub(/[^:]*:/,"");print $1}' |
> sort -u |
> while read host
> do
>     # -x matches the whole line, so 10.0.0.1 is not mistaken for 10.0.0.10
>     if ! grep -Fxq -- "$host" /var/tmp/blocked 2>/dev/null
>     then
>         echo "$host" >>/var/tmp/blocked
>         /sbin/ipfw add deny all from "$host" to any
>     fi
> done
... don't know about ipchains, but it would also be nice to have a way
to add the entry to my ipfw.conf, but for now this will do fine!
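
An added example, not part of the original post or the quoted script: a dry-run variant of the same log scan that prints the ipfw commands instead of running them, validates the address field, and checks the blocklist by whole-line match so that 192.0.2.1 is not skipped because 192.0.2.10 is already listed. The function names, the sample log lines and the temporary blocklist file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: dry run that prints ipfw commands instead of executing them.

# Print each unique, well-formed IPv4 client address (field 1, as logged with
# HostnameLookups Off) that requested a path containing system32/cmd.exe.
extract_offenders() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && /system32\/cmd\.exe/ {
        n = split($1, octet, "."); ok = 1
        for (i = 1; i <= n; i++) if (octet[i] + 0 > 255) ok = 0
        if (ok && !seen[$1]++) print $1
    }'
}

# Read addresses on stdin; for each one not already in the blocklist file $1
# (whole-line match), record it and print the ipfw rule used in the post.
new_rules() {
    list=$1
    [ -f "$list" ] || : > "$list"
    while read -r host; do
        if ! grep -Fxq -- "$host" "$list"; then
            printf '%s\n' "$host" >> "$list"
            printf '/sbin/ipfw add deny all from %s to any\n' "$host"
        fi
    done
}

# Constructed access-log lines (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [20/Sep/2001:10:00:01 -0500] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 290
192.0.2.1 - - [20/Sep/2001:10:00:02 -0500] "GET /index.html HTTP/1.0" 200 1024
192.0.2.1 - - [20/Sep/2001:10:00:03 -0500] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 290
192.0.2.10 - - [20/Sep/2001:10:00:04 -0500] "GET /d/winnt/system32/cmd.exe HTTP/1.0" 404 290
999.0.2.7 - - [20/Sep/2001:10:00:05 -0500] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 290
198.51.100.7 - - [20/Sep/2001:10:00:06 -0500] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 290
EOF
}

# Demo: 192.0.2.10 is already blocked; 192.0.2.1 must still get a rule.
demo() {
    demo_list=$(mktemp)
    echo 192.0.2.10 > "$demo_list"
    sample_log | extract_offenders | new_rules "$demo_list"
    rm -f "$demo_list"
}
demo
```

Dropping the `printf` prefix in `new_rules` and calling `/sbin/ipfw` directly turns the dry run into the enforcing form.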