Hello list-members, Just an OT-Idea ... not suse-security almost... i think that lots of you got lots of these annoying access-log entries that are produced by Nimda or CodeRed. Is there any possiblity of creating an antiworm or something like that? I got this idea because i tried to inform the sys-admins of the server but lots of them ignored me or didnt know what Nimda is... So i just would like to create a clean solution to stop this worm because it take ages to find relevant informations in my logfiles. I am not sure if this can be done or if this hurts the law somewhere... Thanks for any help, suggestions, comments, or "you-cant-do-that-because"-sentences... Sven Milstein
Sven, which active action you ever start against those worms lowers your appearance on the net to their level. I think it is a really bad idea to increase (even double) the network traffic produced by those worms by sending any reply (even an "antiworm"). I bet you have only good intentions starting an antiworm, but if you do so, you are going to change things on servers, that aren't yours. That's the work of a black hat, though. Write a small script started by cron every night to clean up your logs, or - as I do - to replace the long strings of the worm by a short [CodeRed], [Nimda] etc. message. I want to know what produced which time traffic/load on my servers, even if this was a worm (but I don't need the complete string of the exploit in my logs). Just my 2 cents. Ralf
Hello list-members,
Just an OT-Idea ... not suse-security almost...
i think that lots of you got lots of these annoying access-log entries that are produced by Nimda or CodeRed.
Is there any possiblity of creating an antiworm or something like that? I got this idea because i tried to inform the sys-admins of the server but lots of them ignored me or didnt know what Nimda is...
So i just would like to create a clean solution to stop this worm because it take ages to find relevant informations in my logfiles.
I am not sure if this can be done or if this hurts the law somewhere...
Thanks for any help, suggestions, comments, or "you-cant-do-that-because"-sentences...
Sven Milstein
participants (3)
-
Mathias Homann
-
Ralf Koch
-
Sven Milstein