On Wed, 13 Mar 2002 08:20:18 +0100
Anders Johansson
On Wednesday 13 March 2002 00.46, James Bliss wrote:
These are the Code Red / Nimda attack signatures. You can just ignore them since you are not at risk. I know, they really clutter up the logs though.
I do not think there is a way to keep them out of the log; on the security list they went around on this and I do not remember any specific resolution which would keep them out of the log files. (Anyone know of a way to avoid logging these entries?)
This is included in SuSE's official 2.4.16 kernel. Don't know about 2.4.10.
iptables -I INPUT -j DROP -m string -p tcp -s 0.0.0.0/0 --dport 80 --string "default.ida"
(Adjust the string to suit other virus patterns.) This will drop the attempt at the firewall level, before it ever gets to your Apache.
//Anders
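
For the logging question raised above, an added example (not code from anyone in the thread): a shell filter that strips these probes from an Apache access log after the fact and tallies the hosts sending them. The log lines are constructed, and the cmd.exe and root.exe patterns are assumptions added alongside the thread's default.ida.

```sh
#!/bin/sh
# default.ida comes from the thread (Code Red); cmd.exe and root.exe are
# assumed here as Nimda probe targets. [.] matches a literal dot.
WORM_RE='default[.]ida|cmd[.]exe|root[.]exe'

# Constructed access-log lines in common log format (documentation addresses).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [13/Mar/2002:00:40:01 +0100] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 252
192.0.2.10 - - [13/Mar/2002:00:40:05 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
198.51.100.7 - - [13/Mar/2002:00:41:12 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
203.0.113.5 - - [13/Mar/2002:00:42:30 +0100] "GET /index.html HTTP/1.1" 200 1043
203.0.113.5 - - [13/Mar/2002:00:42:31 +0100] "GET /docs/default.html HTTP/1.1" 200 512
EOF
}

# Pass through only the lines whose request field (the text inside the
# first pair of double quotes) does not match a worm pattern.
clean_log() {
    awk -F'"' -v re="$WORM_RE" 'tolower($2) !~ re'
}

# Print "hits source-address" for each probing client, busiest first.
probe_sources() {
    awk -F'"' -v re="$WORM_RE" '
        tolower($2) ~ re { split($1, f, " "); hits[f[1]]++ }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

echo "Probing hosts:"; sample_log | probe_sources
echo "Cleaned log:";   sample_log | clean_log
```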
Any idea why the return code was 400 and not 404?