Complete.Org: Mailing Lists: Archives: linux-help: September 2001:
[linux-help] Re: new Nimba worm help.
Home

[linux-help] Re: new Nimba worm help.

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: <linux-help@xxxxxxxxx>
Subject: [linux-help] Re: new Nimba worm help.
From: "gLaNDix" <glandix@xxxxxxxxxxxxxx>
Date: Fri, 21 Sep 2001 09:34:04 -0500
Reply-to: linux-help@xxxxxxxxx

For stuff like this, it's security@xxxxxx ... for abuse, it's
abuse@xxxxxx, for fraud, it's fraud@xxxxxx ...

> -----Original Message-----
> From: linux-help-bounce@xxxxxxxxx [mailto:linux-help-bounce@xxxxxxxxx]
On
> Behalf Of james l
> Sent: Thursday, September 20, 2001 9:24 PM
> To: linux-help@xxxxxxxxx
> Subject: [linux-help] Re: new Nimba worm help.
> 
> 
> Root/Great Overall Dictator replies:
> > I don't use bsd, but whatever the command line would be for adding a
> new
> > rule for the filter would work.  The only key here is the use of the
> > variable host to get the ip address to add into the new filter rule.
> >
> 
> Might be useful for those of us with firewalls (fraizierwall, but
should
> work
> with any ipchains log), to find out who is infected (at least those
who
> haven't already done this :)
> 
> grep 80 firewall.005.log | grep 65. | cut -f 9 -d ' ort | cut -f 1 -d
':'
> |
> uniq
> 
> (output can be redirected to a file with > $FILENAME, and
> firewall.005.log needs to be changed to whatever the file you have the
> log in
> is, sorry about kmail's wrapping)
> 
> I myself don't know RR's abuse email. I have found 41 ips within
65.*.*.*
> Does anyone know RR's IP range?
> 
> James L
> 
> 
> 
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi

-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi


[Prev in Thread] Current Thread [Next in Thread]