[Dshield] Code Red Data Collection.

Joseph Shraibman jks at selectacast.net
Wed Aug 8 19:42:43 GMT 2001


OK I put this in my httpd.conf:
<Location /default.ida*>
    Deny from all
    ErrorDocument 403 http://feeds.dshield.org/default.ida
</Location>

And have seen some of them go by so far:
[Wed Aug  8 15:10:12 2001] [error] [client 64.7.196.93] client denied by
server configuration: /local/www/htdocs/default.ida
[Wed Aug  8 15:25:44 2001] [error] [client 64.7.8.205] client denied by
server configuration: /local/www/htdocs/default.ida
[Wed Aug  8 15:33:54 2001] [error] [client 64.109.173.153] client denied
by server configuration: /local/www/htdocs/default.ida
[Wed Aug  8 15:34:00 2001] [error] [client 64.7.46.220] client denied by
server configuration: /local/www/htdocs/default.ida

Do you want me to do something like change the trap to
http://feeds.dshield.org/default.ida?trap-from-my.machine.com ?


-- 
Joseph Shraibman
jks at selectacast.net
Increase signal to noise ratio.  http://www.targabot.com




More information about the list mailing list