[Dshield] IIS Logs

Erick Brockway ebrockway at earthlink.net
Sat Mar 30 06:43:37 GMT 2002

        Well, perl ran the bit you posted, but didn't send. Not that I saw
anyway. The script I'm using has the following for a trigger;

use LWP::UserAgent;


@NIMDA_attacks = ("MSADC/root.exe",



        All of which I added I think the bottom 7 lines to update it with
the more recent Get requests.
        The full script is here;
          Yours if you want to see what it does is here;

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf Of
John Hardin
Sent: Friday, March 29, 2002 9:27 AM
To: DShield mailing list
Subject: RE: [Dshield] IIS Logs

Here's one possibility.

httpd.conf:    AddHandler cgi-script .ida

Perl script named default.ida in the webserver root:

-snipped for brevity-

More information about the list mailing list