[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Nimba scanner shell script
- Subject: [cobalt-security] Nimba scanner shell script
- From: Glen Scott <glen@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 19 Sep 2001 10:59:14 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
For those of you that are interested in seeing just how many scans
you are getting from the Nimda worm, try running this script as root:
-- start of script --
#!/bin/sh
# glen scott/design solution 2001 <glen@xxxxxxxxxxxxxxxxxxxx>
echo "Nimba worm scanner..."
#count individual scans:
INDIVIDUAL_SCANS=`cat /var/log/httpd/access | grep
'/scripts/root.exe?/c+dir' | wc -l`
#show source ip:
#cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' | cut -d
' ' -f2 | sort | uniq
#count unique source ips:
UNIQUE=`cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' |
cut -d ' ' -f2 | sort | uniq | wc -l`
echo "We have received $INDIVIDUAL_SCANS scans from $UNIQUE different
IP addresses"
-- end of script --
Uncomment the line below '# show source ip' to get a list of every
unique source IP address.
Have fun,
Glen Scott
--
---
Design Solution Limited
t: +44 (0)1502 513008
f: +44 (0)1502 588622
e: info@xxxxxxxxxxxxxxxxxxxx
w: http://www.designsolution.co.uk
Nouvotech House, Harbour Road,
Oulton Broad, Suffolk, NR32 3LZ, UK
---
DS Knowledge Base http://faq.dessol.co.uk