[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Nimba scanner shell script

Subject: [cobalt-security] Nimba scanner shell script
From: Glen Scott <glen@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 19 Sep 2001 10:59:14 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi,

For those of you that are interested in seeing just how many scansyou are getting from the Nimda worm, try running this script as root:


-- start of script --

#!/bin/sh
# glen scott/design solution 2001 <glen@xxxxxxxxxxxxxxxxxxxx>

echo "Nimba worm scanner..."

#count individual scans:

INDIVIDUAL_SCANS=`cat /var/log/httpd/access | grep'/scripts/root.exe?/c+dir' | wc -l`


#show source ip:

#cat /var/log/httpd/access | grep '/scripts/root.exe?/c+dir' | cut -d' ' -f2 | sort | uniq


#count unique source ips:

echo "We have received $INDIVIDUAL_SCANS scans from $UNIQUE differentIP addresses"


-- end of script --

Uncomment the line below '# show source ip' to get a list of everyunique source IP address.


Have fun,

Glen Scott

--
---
  Design Solution Limited
  t: +44 (0)1502 513008
  f: +44 (0)1502 588622
  e: info@xxxxxxxxxxxxxxxxxxxx
  w: http://www.designsolution.co.uk
  Nouvotech House, Harbour Road,
  Oulton Broad, Suffolk, NR32 3LZ, UK
---
DS Knowledge Base http://faq.dessol.co.uk

Follow-Ups:
- Re: [cobalt-security] Nimba scanner shell script
  - From: Kham Vue

Prev by Date: [cobalt-security] New (nimda) WORM [RAQ3]
Next by Date: RE: [cobalt-security] New (nimda) WORM [RAQ3]
Previous by thread: RE: [cobalt-security] New (nimda) WORM [RAQ3]
Next by thread: Re: [cobalt-security] Nimba scanner shell script

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index