[linux-help] Re: new Nimba worm help.
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
For stuff like this, it's security@xxxxxx ... for abuse, it's
abuse@xxxxxx, for fraud, it's fraud@xxxxxx ...
> -----Original Message-----
> From: linux-help-bounce@xxxxxxxxx [mailto:linux-help-bounce@xxxxxxxxx]
On
> Behalf Of james l
> Sent: Thursday, September 20, 2001 9:24 PM
> To: linux-help@xxxxxxxxx
> Subject: [linux-help] Re: new Nimba worm help.
>
>
> Root/Great Overall Dictator replies:
> > I don't use bsd, but whatever the command line would be for adding a
> new
> > rule for the filter would work. The only key here is the use of the
> > variable host to get the ip address to add into the new filter rule.
> >
>
> Might be useful for those of us with firewalls (fraizierwall, but
should
> work
> with any ipchains log), to find out who is infected (at least those
who
> haven't already done this :)
>
> grep 80 firewall.005.log | grep 65. | cut -f 9 -d ' ort | cut -f 1 -d
':'
> |
> uniq
>
> (output can be redirected to a file with > $FILENAME, and
> firewall.005.log needs to be changed to whatever the file you have the
> log in
> is, sorry about kmail's wrapping)
>
> I myself don't know RR's abuse email. I have found 41 ips within
65.*.*.*
> Does anyone know RR's IP range?
>
> James L
>
>
>
> -- This is the linux-help@xxxxxxxxx list. To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
-- This is the linux-help@xxxxxxxxx list. To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
|
|
