On Sunday 03 February 2002 02:33 pm, Todd Slater wrote: > On Sunday 03 February 2002 09:08 am, ed tharp wrote: > > this is code red or nimda worms (or some worm close to it) and the > > solution is to run linux. then, if you care, block the IP sending the > > requests. since you don't run IIS, you will not have a problem other than > > the bandwidth used by the rouge windox. you could try and figure out the > > admin e-mainl of the send (requester) and send them an e-mail letting > > them know they or dumd for using M$ on the net, and what they are doing. > > (since they most likely got no clue,) > > Thanks to the many who responded. I e-mailed the ISPs, the offending IPs > were mostly part of RoadRunner. I got canned e-mails from them, ATT > Broadband, and rogers@home saying they were aware of the problem and > working diligently to correct it, that I should get the latest patches blah > blah. > > Anyway, it was suggested that I add the IP numbers to my hosts.deny file. > Is this as easy as adding a line: > > ALL: 24.160.49.154, 24.123.54.138 >
Yes, But, I think nimda comes through httpd and that is not inetd process so host.deny and allow are useless. You might put the IP in ipchains / iptables -- Gerald Waugh Registered Linux User 255245 Register at http://counter.li.org
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
