discuss: {OT-Info} ARIS worm notification


Previous by date: 7 Aug 2001 03:15:34 -0000 Re: statistics, David Merrill
Next by date: 7 Aug 2001 03:15:34 -0000 Re: statistics, Jorge Godoy
Previous in thread:
Next in thread: 7 Aug 2001 03:15:34 -0000 Re: {OT-Info} ARIS worm notification, John Peter Tapsell

Subject: {OT-Info} ARIS worm notification
From: Parag Mehta ####@####.####
Date: 7 Aug 2001 03:15:34 -0000
Message-Id: <Pine.LNX.3.96.1010806201421.20641B-100000@indian-nic.net>

Hi,
As you're aware, the ARIS worm is spreading real fast on the
Internet.  My machine has received nearly 400 ARIS probes from
infected machines since this morning, in about 6 hours of uptime.

SecurityFocus has set up an ARIS notification address.  They will
notify the administrators of infected systems given the IPs of these
systems, which will help curb the spread of the virus.

This is a request to please cull your HTTP logs (if you're running
HTTPD) and send the appropriate information to SecurityFocus.  The
command to do this is:

fgrep ".ida?XXXXX" /var/log/httpd/access_log | \
      cut -d" " -f1,4,5 | \
      sed -e 's/[][]//g' | \
      Mail -s "ARIS Infection Report from httpd access_log" ####@####.####

[Line may have wrapped]

This would work on a RH 6.2 system.  Please use the appropriate path
to your Apache logfile for other systems.

Regards,

PM
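
Added example, not part of the original post: the same log cull, extended to collapse repeated probes into one line per source address with a probe count and first/last timestamps. It assumes Apache Common Log Format field positions; the function names and the sample log lines (documentation-range addresses, shortened query strings) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in Apache Common Log Format. Addresses come from the
# RFC 5737 documentation ranges; the query strings are shortened stand-ins.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [06/Aug/2001:09:12:01 -0400] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
198.51.100.7 - - [06/Aug/2001:09:13:44 -0400] "GET /index.html HTTP/1.0" 200 1024
192.0.2.10 - - [06/Aug/2001:09:40:19 -0400] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [06/Aug/2001:10:02:33 -0400] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
198.51.100.7 - - [06/Aug/2001:10:05:00 -0400] "GET /docs/ida.html HTTP/1.0" 200 2048
EOF
}

# probe_summary (hypothetical name): read access-log lines on stdin and print
#   <ip> <probe count> <first seen> <last seen>
# one line per source, in order of first appearance. Only the request path
# (field 7) is matched, so ".ida?" appearing elsewhere on a line is ignored.
probe_summary() {
  awk '
    index($7, ".ida?XXXXX") {
      # Fields 4 and 5 are "[date" and "zone]"; drop the brackets.
      ts = substr($4, 2) " " substr($5, 1, length($5) - 1)
      if (!($1 in count)) { first[$1] = ts; order[++n] = $1 }
      count[$1]++
      last[$1] = ts
    }
    END {
      for (i = 1; i <= n; i++) {
        ip = order[i]
        print ip, count[ip], first[ip], last[ip]
      }
    }'
}

# Stand-alone run over the constructed sample; on a real system, feed the
# access log on stdin instead: probe_summary < /var/log/httpd/access_log
sample_log | probe_summary
```
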





  ©The Linux Documentation Project, 2014. Listserver maintained by dr Serge Victor on ibiblio.org servers.