Koozali.org: home of the SME Server

apache-hits.php updated for sql slammer?

Robert Schutz

apache-hits.php updated for sql slammer?
« on: February 05, 2003, 09:54:25 PM »
I saw a copy of apache-hits.php on a German web site that was updated for the sql slammer worm. Does anyone know where I can get a copy?

Thanks in advance.
Robert

Rich Lafferty

Re: apache-hits.php updated for sql slammer?
« Reply #1 on: February 06, 2003, 06:36:03 PM »
Well, there's a guy in Germany... :-)

The sql slammer worm doesn't produce http traffic at all; it talks to a
service run by (among other things) MS SQL Server, hence the name.
You can't measure the number of Apache hits you'd get from sql
slammer -- or, I suppose you could, but it would be 0. :-)

Cheers,

  -Rich

Jesper Knudsen

Re: apache-hits.php updated for sql slammer?
« Reply #2 on: February 10, 2003, 12:33:43 AM »
I guess that the stats could be taken from "messages", where you could look for DPT=1434, which was the slammer port. The main problem here is that there is no access for a PHP script to the /var/log/messages file.
This would also require you to log denied packets with:

/sbin/e-smith/db configuration setprop masq Logging most
/sbin/e-smith/signal-event remoteaccess-update

See:
http://e-smith.org/faq.php3#6q10

Slammer info:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html

Rgds,
Jesper
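
The count suggested in Reply #2, as an added example that is not part of the original thread or of apache-hits.php: a shell function that tallies denied UDP packets to port 1434 per source address. It assumes the firewall log lines use netfilter-style KEY=value fields (SRC=, PROTO=, DPT=); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes log lines carry netfilter-style KEY=value fields
# (SRC=, PROTO=, DPT=), as the DPT=1434 mentioned in the post suggests.

# slammer_hits FILE: print "COUNT SOURCE" for logged UDP packets to port 1434.
slammer_hits() {
    awk '
    {
        src = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        # Exact field match: SPT=1434, DPT=14340 and TCP/1434 are not counted,
        # which a plain text search for "1434" would get wrong.
        if (proto == "UDP" && dpt == "1434" && src != "") hits[src]++
    }
    END { for (s in hits) print hits[s], s }
    ' "$1" | sort -k1,1nr -k2,2
}

# slammer_total FILE: total number of matching packets (0 if none).
slammer_total() {
    slammer_hits "$1" | awk '{ n += $1 } END { print n + 0 }'
}

# Constructed sample lines using documentation addresses, not real log data.
write_sample() {
    cat > "$1" <<'EOF'
Feb  9 23:10:01 gw kernel: IN=eth1 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=404 TTL=113 PROTO=UDP SPT=1042 DPT=1434 LEN=384
Feb  9 23:10:05 gw kernel: IN=eth1 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=404 TTL=113 PROTO=UDP SPT=1043 DPT=1434 LEN=384
Feb  9 23:11:12 gw kernel: IN=eth1 OUT= SRC=203.0.113.9 DST=192.0.2.1 LEN=404 TTL=110 PROTO=UDP SPT=3310 DPT=1434 LEN=384
Feb  9 23:12:30 gw kernel: IN=eth1 OUT= SRC=203.0.113.20 DST=192.0.2.1 LEN=60 TTL=50 PROTO=TCP SPT=1434 DPT=80 SYN
Feb  9 23:12:31 gw kernel: IN=eth1 OUT= SRC=203.0.113.21 DST=192.0.2.1 LEN=78 TTL=50 PROTO=UDP SPT=1434 DPT=14340 LEN=58
Feb  9 23:12:40 gw kernel: IN=eth1 OUT= SRC=203.0.113.22 DST=192.0.2.1 LEN=60 TTL=50 PROTO=TCP SPT=4000 DPT=1434 SYN
EOF
}

sample=$(mktemp)
write_sample "$sample"
slammer_hits "$sample"
echo "total: $(slammer_total "$sample")"
rm -f "$sample"
```

Against a live system the argument would be /var/log/messages, read by an account that has access to that file, with logging of denied packets enabled as described in the post.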