Complete.Org: Mailing Lists: Archives: linux-help: September 2001:
[linux-help] Re: new Nimba worm help.
Home

[linux-help] Re: new Nimba worm help.

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: new Nimba worm help.
From: james l <james@xxxxxxxxxxxxxxxxxx>
Date: Thu, 20 Sep 2001 21:24:24 -0500
Reply-to: linux-help@xxxxxxxxx

Root/Great Overall Dictator replies:
> I don't use bsd, but whatever the command line would be for adding a new
> rule for the filter would work.  The only key here is the use of the
> variable host to get the ip address to add into the new filter rule.
> 

Might be useful for those of us with firewalls (fraizierwall, but should work
with any ipchains log), to find out who is infected (at least those who
haven't already done this :)

grep 80 firewall.005.log | grep 65. | cut -f 9 -d ' ort | cut -f 1 -d ':' |
uniq 

(output can be redirected to a file with > $FILENAME, and
firewall.005.log needs to be changed to whatever the file you have the log in
is, sorry about kmail's wrapping)

I myself don't know RR's abuse email. I have found 41 ips within 65.*.*.*
Does anyone know RR's IP range? 

James L



-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi


[Prev in Thread] Current Thread [Next in Thread]