search for: nimda

...ble), then that would be VERY useful. This functionality could also be useful for mail servers, ftp servers, and just about anything else where you know what the attack looks like in the logs. For instance, I run a web server (not the one below, yet) that is getting slammed by people infected with Nimda. Logs show multiple requests by the same client for "cmd.exe" and "root.exe". Sometimes there''s only one or two sessions of these requests, and sometimes they keep coming back again and again. Problem is, I don''t have the time to scour the logs and blacklist...

Hello, we are interested to learn how Shorewall can be configured to look into a packet''s payload, say to look for footprints of Red Code or Nimbda (for example). From the site web page features section we understand Shorewall only looks into the packet''s header. Your enlightening answer will be appreciated. Regards Jose.

Hallo, my noisy time series represent a fading signal comprising of long enough parts with a simple trend inside of each such a part. Transition from one part into another is always a non-smooth and very sharp/acute. In other words I have a piecewise polynomial noisy curve asymptotically converging to the biased constant, points between pieces are non-differentiable. I am looking for

The README.Win32-Viruses file distributed with Samba 2.2.2 gives procedures for trying to stop the Nimda virus on Samba shares. It contains mostly good info and it is a good idea to implement this extra level of protection but there is one thing to watch out for. The README says to veto the file "riched20.dll" (along with a few others). This is fine unless you are using your Samba box as...

Hi all, Last week we were infected with the Nimda virus. Our machines are clear now but I was wondering if there was a way in samba to stop .eml files being created on shares. As this virus spreads through shares on machines samba shares are vulnerable. Any ideas?? P.S. All of our e-mail is virused scanned, so no problem there ------------- Kris...

...ot without any axes, then add each axis with a separate "axis" statement. But perhaps there is a way to get the desired behavior in the first place? Incidentally, I can't check documentation for R 1.3.1 because, due to my company's slow and extremely conservative response to the Nimda worm, I can't access the web (I now realize how much I use it!). Apologies in advance if the latest R version has already handled this. Jim Garrett Becton Dickinson Baltimore, Maryland, USA -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.- r-help mailing list -...

e.g. string-matching CodeRed or Nimda viruses before they hit your Web server. The following rules achieve this: # DROP HTTP packets related to CodeRed and Nimda # viruses silently iptables -t filter -A INPUT -i $EXT_IFACE -p tcp \ -d $IP --dport http -m string \ --string "/default.ida?" -j DROP iptables -t filter -A I...

When running: smbclient \\server\tmp , I get the message: "added interface ip=my.ip.address bcast=another.ip.address nmask=255.255.255.248 Connection to server failed" Not able to locate this error in docs or o'reilly samba book, can anyone help? tia -------------------------------------------- METAgency - Media and Ecommerce Technology Ph: (775) 284-8657 Fax: (775) 284-8658

Is it possible to block packets based on content? I would specifically like to block the script kiddies " GET /script/*" packets from reaching my webserver. Thanks for your time, Steve

...ers] comment = Links to all the user's home directories path = /etc/samba/users # it is too easy for somebody to drag and drop the whole # thing in the trash, so don't allow writes here # they can always access their own directory via [homes] browseable = yes # Well, it happened. The Nimda Worm clobbered thousands of 777 files # because of this being writable. Never, ever, make this a writable # share! # gaa, Thu Sep 20 20:36:04 EDT 2001 writable = no # Here we manually create symbolic links to the other servers. [hosts] comment = Links to other file servers in the same NIS domai...

...visions did not exist? >> I don?t see why we can?t take some responsibility for this mess and try to build up some herd immunity. > > Because there is no such thing when it comes to computers. Pay more attention to history. Once upon a time, we had the likes of Blaster, Code Red and Nimda, which continuously flooded the internet with traffic intended to find exploitable holes in Microsoft OSes. They kept finding new boxes so frequently that normal efforts consistent with contemporaneous practice entirely failed to stamp them out. https://en.wikipedia.org/wiki/Code_Red_(computer_...

PLEASE HELP ME!!! For some reason, I can not change any of my shares! I just started trying to configure samba yesterday. Here is what I have: (2) Windows 98 SE Systems (1) Debian 2.2 r 3 Linux System running Samba The username on the Windows machines is "Name" and I want to be able to access a few shares on the Samba machine. So I started configuring

...fix=/usr/local/openssh \ --with-ldflags=-L/usr/freeware/lib32 \ --with-cflags=-I/usr/freeware/include If you don't tweak those flags it won't compile. OpenSSH rocks! :o) -- Florin Andrei "In theory, under the new computer security law, anyone whose computer was infected by Nimda/CodeRed could be imprisoned for life -- the new law says nothing about intent. So, basically we would have a few million Microsoft Windows users serving life sentences..." - Dan Hollis

...like this: ActionController::RoutingError (no route found to match "/MSOffice/ cltreq.asp" with {:method=>:get}): They''re harmless, but I''d like to just send these to the bitbucket rather than have them fill up my log file. Suggestions? And no, this isn''t Nimda. I checked. :) Regards, Dan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsub...

Given the following situation: I have 2 different home directories. If a user logs on to 'home directory 1', can that particular user browse into 'home directory 2' or other directories? The reason for this question is that I need a server on which can be accessed by the corporate staff and by the personel. However, the personel may not be able to gain acces to financial and

...source of small set of hosts so it does not suggest security scanning, nor some worm or virus. Comparing to a Samba 2.x system (on Solaris, compiled from source) - that is located on same subnet, and is advertised system - we do \not\ see connection requests from these same systems. We are aware NIMDA would find open Samba fileshares to dump payload, but we do not see similar requests between Solaris/Samba 2.x and Linux/Samba 3.x systems. Since we are not seeing on Samba 2.x, we think is some "feature" of 3.x which we do not yet understand. Any advise? Spasibo...

Just wondering if anyone has thoughts (good or bad) about this product (RAV AntiVirus for Samba (Linux i386))...or any other? I have a client that wants to have A/V *on* their samba server, rather than just scanning the shares from a WS. Any comments regarding ANTIVIRUS PROTECTION and SAMBA are gratefully welcome! TIA -Ryan Beisner

...rng lppause command = lpc hold -P%p %j lpresume command = lpc resume -P%p %j browseable = no include = /etc/samba/smb.conf.%L smb.conf.alias [print$] path = /usr/share/samba/printers browseable = yes read only = yes write list = root, nimda [cprmlj] comment = Copy Room HP 4000 path = /var/spool/samba read only = No guest ok = Yes printable = Yes printer name = cprmlj browseable = yes # oplocks = No

On Wed, Jul 29, 2015 at 4:37 PM, Warren Young <wyml at etr-usa.com> wrote: > Security is *always* opposed to convenience. False. OS X by default runs only signed binaries, and if they come from the App Store they run in a sandbox. User gains significant security with this, and are completely unaware of it. There is no inconvenience. What is the inconvenience of encrypting your device

Hello, I''m a very happy user of shorewall but I have found a problem or maybe a misconfiguration I made which I can not resolve. I use a fairly large blacklist based on probes, nimda & codered attacks, proxy & relay probes etc. The only problem is that I want to block incoming trafic on all ports FROM a block but it does also block a httpd, ping etc TO a ip in a block what I do not want. For example today I got a CodeRed probe on my apache server from an infected Kore...