I'm using this guys script (modified slightly) It uses IPchains to
block sites infected with the nimda virus. You can find out info at.
http://screaming-penguin.com/main.php?storyid=1922
If you can't get the site and others want my scripts ( I've modified
it for iptables as well) let me know an
http://apantihak.sourceforge.net/
Yes, there is a way to stop all nimda related scans / probes.
This is a module for apache that in it's current form uses ipchains. It works
by checking the requested URL for several strings and writting an ipchains
rule that stops any further connections.
To g
I keep getting hit by a site which is probably infected with the Namda worm
or one of those others. I keep seeing connections in my httpd access_log
file, and judging from the requests, it seems to be probing for another
vunerable NT server to attack. I'd like to be able to just slam the door
