Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Disabling Nimda and Code Red machines..
« previous next »
Pages: 1 [2]  All   Go Down

Disabling Nimda and Code Red machines..

  • 21 Replies
  • 3216 Views

Ari Novikoff

Re: Constructive solutions to clean-up (was Disabling Nimda
« Reply #15 on: April 25, 2002, 07:14:29 PM »
Andy MacDonald wrote:
> I do like to have a life rather than send 500 emails a week.

I can relate Andy, but in all honesty I've not installed the script myself. All I did was create the RPM.

> I would also like to make a .rpm that somehow encourages
> people to randomly bitch slap system admins who put unpatched
> vulnerable machines onto the net.

LOL! What a concept!

> The cmd.exe presents a limited set of options to the person
> exploiting the vulnerability. It would not be hard to modify
> that script to take advantage of a few more distructive
> variations.

And we all know that self-propogating polymorphic viruses are just around the corner (if they're not already out there...)

> Ari. You are a legend. Thanks very much.

Wow... All I did was package up someone else's script... really, it was nothing... but thanks anyway :)


Ari
Logged

sidney

Re: Constructive solutions to clean-up (was Disabling Nimda
« Reply #16 on: April 26, 2002, 07:41:09 PM »
Is there away to see if the script is working?
some kind of log?

can the rpm be uninstalled? & how?



Thanks
P.S I agree with Andy

Thanks Ari for putting the rpm together
Logged

Ari

Re: Constructive solutions to clean-up (was Disabling Nimda
« Reply #17 on: April 26, 2002, 09:57:34 PM »
I haven't done an uninstall segment to the RPM, but you can always remove the script manually.

There's a couple of small changes that I'll have to make to the script to make sure that it works properly, but I'm kinda tied up right now with other stuff (the Snort/Acid/Guardian project for one...) so I'll get to it when I get some time. Maybe later this weekend.

As for using the rpm right now, yes, you could... But there's a couple of extra steps you'll need to take... check out the link at the start of this thread and you'll see what I'm talking about.

The next release of the rpm should incorporate all of that.

Ari
Logged

Time

Re: Constructive solutions to clean-up (was Disabling Nimda
« Reply #18 on: May 11, 2002, 06:13:17 AM »
What happened to the RPM.....I went to:

http://www.marari.net/downloads/nimda_disabler-1.0/ari-mitel-nimda_disabler-1.0-01.noarch.rpm

Would really like to find it...can anyone help?

Thanks!
Logged

guestHH

Re: Constructive solutions to clean-up (was Disabling Nimda
« Reply #19 on: May 11, 2002, 12:09:01 PM »
Hi Time,

For the time being you can always install it manually. Get more info from the original post by Andy.

Regards,
guestHH
Logged

Time

Re: Constructive solutions to clean-up (was Disabling Nimda
« Reply #20 on: May 11, 2002, 12:50:34 PM »
I did just that Hsing.

Thanks
Logged

Dan G.

Re: Constructive solutions to clean-up (was Disabling Nimda
« Reply #21 on: May 13, 2002, 08:30:05 PM »
Is anyone who is using this getting entries in their /tmp/nimda.log?  I have had it running for weeks, and not gotten a single entry.  Apache-hits.php shows about 600 hits in that same time period...

Dan
Logged
Pages: 1 [2]  All   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Disabling Nimda and Code Red machines..