Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Robert Schutz on February 05, 2003, 09:54:25 PM

Title: apache-hits.php updated for sql slammer?
Post by: Robert Schutz on February 05, 2003, 09:54:25 PM

I saw a copy of apache-hits.php on a german web site that was updated for the sql slammer worm. Does anyone know where I can get a copy?

Thanks in advance.
Robert

Title: Re: apache-hits.php updated for sql slammer?
Post by: Rich Lafferty on February 06, 2003, 06:36:03 PM

Well, there's a guy in Germany... :-)

The sql slammer worm doesn't produce http traffic at all; it talks to a
service run by (among other things) MS SQL Server, hence the name.
You can't measure the number of Apache hits you'd get from sql
slammer -- or, I suppose you could, but it would be 0. :-)

Cheers,

  -Rich

Title: Re: apache-hits.php updated for sql slammer?
Post by: Jesper Knudsen on February 10, 2003, 12:33:43 AM

I guess that the stats could be taken from "messages" where you could look for the DPT=1434 which was the slammer port. The main problem here is that there is not access for a PHP script to the /var/log/messages file.
This would also require you to log denied packets with:

/sbin/e-smith/db configuration setprop masq Logging most
/sbin/e-smith/signal-event remoteaccess-update

See:
http://e-smith.org/faq.php3#6q10

Slammer info:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html

Rgds,
Jesper