[Dshield] Perhaps some silly questions, but...

John Draper crunch at shopip.com
Tue Sep 17 21:17:44 GMT 2002

>I'd like to submit my logs, but darn there's so many ways to do so.. None of
>which work "out of the box" for me.
>Is anybody parsing apache logs for Code Red/Nimda 'attacks' and sending that
>up?  I currently dump most of that stuff to /dev/null but perhaps it could
>be useful.
>I'm using iptables, but currently not set up to log any attempts.  In fact
>I'm not even sure how to go about doing that, and I'd hate to change my
>carefully tweaked and secured configuration and accidentally leave an
>opening.  Can anybody direct me to resources that describe how to log
>attempts as well as drop/reject them?
>I'm also using portsentry, tried the current client and before It's not
>working for portsentry 1.1, I presume I'll have to 'tweak' the client parser
>for that?  I'd upgrade, but my interface has a dynamic IP (well, hasn't
>changed in quite a while, but it could) and the 2.x version of portsentry
>requires you enter the IP address of the protected interface.
>Thanks for listening ;-).  Feel free to say "RTFM" on any and all questions,
>I'd just hate to re-invent the wheel.

Install Snort...  It does a really good job in detecting Nimda viruses.
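
Added example (not part of the original post or reply): one way to do the Apache-log parsing asked about in the quoted question, pulling Code Red and Nimda probes out of an access log and counting them per source address. The log lines are constructed samples using documentation IP ranges, and the function names and signature patterns are choices made for this example.

```python
import re
from collections import Counter

# Apache common/combined log: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

# URL patterns both worms are known for (assumed sufficient for this example).
SIGNATURES = [
    ("codered", re.compile(r'/default\.ida\?[NX]{20,}', re.I)),
    ("nimda", re.compile(r'/(?:root|cmd)\.exe(?:\?|$)', re.I)),
]

def classify(request):
    """Return 'codered', 'nimda' or None for one logged request line."""
    parts = request.split()
    if len(parts) < 2:
        return None  # empty or truncated request
    for name, pattern in SIGNATURES:
        if pattern.search(parts[1]):
            return name
    return None

def scan(lines):
    """Yield (source_ip, timestamp, worm, status) for each worm probe."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        host, when, request, status = m.groups()
        worm = classify(request)
        if worm:
            yield host, when, worm, int(status)

def summarize(lines):
    """Count probes per (source_ip, worm) pair."""
    return Counter((host, worm) for host, _, worm, _ in scan(lines))

# Constructed sample log lines, not taken from a real server.
SAMPLE = [
    '192.0.2.10 - - [17/Sep/2002:21:01:02 +0000] "GET /default.ida?'
    + "N" * 40 + ' HTTP/1.0" 404 276',
    '198.51.100.7 - - [17/Sep/2002:21:03:15 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280',
    '198.51.100.7 - - [17/Sep/2002:21:03:16 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300',
    '203.0.113.5 - - [17/Sep/2002:21:04:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for (host, worm), count in sorted(summarize(SAMPLE).items()):
        print(host, worm, count)
```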


