
Unidentified subject!



Hello,

Every day on my site many IPs point to my httpd server, NIMDA attacking it... I would like to block or DROP these packets, but they go to port 80, which of course I can't block totally.

Does anyone know if there is a special rule or chain to block this?

The attacks in my apache access log look like this:


157.red-80-59-122.pooles.rima-tde.net - - [24/Nov/2002:08:44:57 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 13936 "-" "-"
157.red-80-59-122.pooles.rima-tde.net - - [24/Nov/2002:08:45:01 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 13966 "-" "-"
157.red-80-59-122.pooles.rima-tde.net - - [24/Nov/2002:08:45:06 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 13966 "-" "-"
157.red-80-59-122.pooles.rima-tde.net - - [24/Nov/2002:08:45:11 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 14008 "-" "-"
157.red-80-59-122.pooles.rima-tde.net - - [24/Nov/2002:08:45:15 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 14059 "-" "-"
157.red-80-59-122.pooles.rima-tde.net - - [24/Nov/2002:08:45:20 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 14059 "-" "-"



-daniel
http://www.debian-gnu.com
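
Added example, not part of the original post: one way to pick the probing hosts out of an Apache access log like the excerpt above, by unwrapping the double percent-encoding (`%255c`) and matching the `cmd.exe`/`root.exe` request pattern. The function names and the sample lines (with placeholder hosts) are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common/combined log line: host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Markers taken from the request paths in the log excerpt in the post.
SHELL_RE = re.compile(r'(cmd|root)\.exe\?/c\+', re.IGNORECASE)
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so that %255c becomes %5c and then a backslash."""
    for _ in range(max_rounds):
        decoded = unquote(path)  # unquote() leaves '+' alone, so "/c+dir" survives
        if decoded == path:
            break
        path = decoded
    return path

def is_probe(path):
    """True if the request asks for cmd.exe/root.exe or tries directory traversal."""
    decoded = decode_fully(path)
    return bool(SHELL_RE.search(decoded) or TRAVERSAL_RE.search(decoded))

def probing_hosts(lines):
    """Return a Counter mapping client host -> number of probe requests seen."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_probe(m.group(3)):
            hits[m.group(1)] += 1
    return hits

# Constructed sample lines modelled on the excerpt; hosts are placeholders.
SAMPLE = [
    'host-a.example.net - - [24/Nov/2002:08:44:57 +0100] '
    '"GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 13936 "-" "-"',
    'host-a.example.net - - [24/Nov/2002:08:45:11 +0100] '
    '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 14008 "-" "-"',
    '192.0.2.10 - - [24/Nov/2002:08:46:00 +0100] '
    '"GET /index.html HTTP/1.0" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for host, count in probing_hosts(SAMPLE).most_common():
        print(host, count)
```

The resulting host list can be reviewed and then fed to whatever blocking mechanism the site uses.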


