17 Aug
2002
17 Aug
'02
8:28 p.m.
Hi,
You know those annoying Nimda scans you keep finding in your apache logs????
Anybody know if it's possable to create a custom error document for apache which, when the first address in a normal nimda scan is requested, the originators IP is automatically added to the IPTables DROP table, so subsquent requests from that IP time out.
I was thinking about writing a custom page that is returned for that address, containing some perl code to modify the firewall.
Any one got any ideas?
I'm running Apache 2.0.39 with mod_perl 1.99 kernel 2.4.18
Chris
--
Chris
***************************************************************************
E Mail Chris@glovercc.clara.co.uk
WWW http://www.glovercc.clara.co.uk
Someday, we'll look back on this, laugh nervously and change the subject.
-Anon