Date: Sat, 29 Sep 2001 10:25:04 +0200 (SAST) From: The Psychotic Viper <psyv@sec-it.net> To: Kory Hamzeh <kory@avatar.com> Cc: Edwin Groothuis <edwin@mavetju.org>, <freebsd-questions@FreeBSD.ORG> Subject: RE: Apache server log Message-ID: <20010929101752.C17717-100000@lucifer.fuzion.ath.cx> In-Reply-To: <004901c147c3$196f3d80$14ce21c7@avatar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Thu, 27 Sep 2001, Kory Hamzeh wrote: > I briefly looked at those script and it looks it does NOT send an e-mail for > each scan attempt, but rather one for each IP address per day. I don't think > that that is unreasonable. All of our web servers have been effected by > nimda to the point that we had to use filters to block out access to them. > All of this because a certain company doesn't know how to write software > that isn't secure -- instead we get Virus De Jour. I havent looked at the script itself, but the basic idea is similar. Fair enough its for one ip but in my experience the chance of the same host scanning me twice in the same day is rare (if not never happened), also I have taken a look at a few logs of systems I have online 24/7 and are noticing an alarming rate of around 1500+ UNIQUE ips connecting to me in a day and wouldnt be surprize if someone out there found more. Nimda can get scary because it can infect entire LANs and not a nice thing when said LAN has about 30 machines for example. And no comment on the "certain company" who doesnt write secure software, thats best left unsaid.:) PsyV To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010929101752.C17717-100000>