Mailinglist Archive: opensuse (3644 mails)

Re: [SLE] web log
  • From: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 13 Mar 2002 08:20:18 +0100
  • Message-id: <200203130820.18962.andjoh@xxxxxxxxxxxxxxxxxxxxx>
On Wednesday 13 March 2002 00.46, James Bliss wrote:
> These are the Code Red / Nimda attack signatures. You can just ignore them
> since you are not at risk. I know, they really clutter up the logs though.
>
> I do not think there is a way to keep them out of the log; on the security
> list they went around on this and I do not remember any specific resolution
> which would keep them out of the log files. (Anyone know of a way to avoid
> logging these entries?)

This is included in SuSE's official 2.4.16 kernel. Don't know about 2.4.10.

iptables -I INPUT -j DROP -m string -p tcp -s 0.0.0.0/0 --dport 80 --string "default.ida"

(Adjust the string to suit other virus patterns). This will drop the attempt
at the firewall level, before it ever gets to your apache.

//Anders
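
An added example, not part of the original message: a log-side filter for the question quoted above, which separates the worm probes from ordinary requests in an existing access log and counts them per source. It matches the script name at the end of the request path only, whereas the firewall string match looks anywhere in the packet payload. "default.ida" is from the post; root.exe and cmd.exe are assumed Nimda patterns, and the function names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: separate worm probes from ordinary requests in an access log.
# "default.ida" comes from the post; root.exe and cmd.exe are assumed Nimda
# patterns. All log lines below are constructed sample data.

sample_log() {
cat <<'EOF'
192.0.2.10 - - [13/Mar/2002:00:41:02 +0100] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [13/Mar/2002:00:41:05 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
198.51.100.7 - - [13/Mar/2002:00:42:11 +0100] "GET /index.html HTTP/1.1" 200 1043
203.0.113.5 - - [13/Mar/2002:00:43:30 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [13/Mar/2002:00:44:00 +0100] "GET /docs/default.ida-faq.html HTTP/1.1" 200 512
EOF
}

# worm_filter clean   -> prints the lines that are not probes, in order
# worm_filter probes  -> prints "count source-ip" for each probing host
worm_filter() {
    awk -v mode="$1" -F'"' '
    {
        split($2, req, " ")        # req[2] is the request URI
        path = req[2]
        sub(/\?.*/, "", path)      # ignore the query string
        # Match the script name at the end of the path only.
        probe = (path ~ /\/(default\.ida|root\.exe|cmd\.exe)$/)
        if (probe) { split($1, pre, " "); hits[pre[1]]++ }
        else if (mode == "clean") print
    }
    END {
        if (mode == "probes")
            for (ip in hits) print hits[ip], ip
    }'
}

# Busiest sources first.
probe_report() { worm_filter probes | sort -k1,1nr -k2,2; }

sample_log | probe_report
```

The last sample line is a legitimate page whose name contains "default.ida"; this filter keeps it in the clean output, while a payload substring match on the same text would not distinguish it from a probe.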
