This is probably a little late, but those that want to watch the worm
while it wanders might care to use a little tool I've written. Running on
a Linux machine with an alias for every otherwise-unused IP address on
a (small) block, it listens on port 80 and logs the source/destination
and a bit of the URL fetched. Written in perl, it can be found with a
small writeup at http://www.unixwiz.net/tools/websnarf.html

On my /27 it's recording about 30 per hour.

Steve

Mod: dump this if too late to be interesting.

---
Stephen J Friedl | Software Consultant | Tustin, CA | +1 714 544-6561
www.unixwiz.net | I speak for me only | KA8CMY | steveunixwiz.net

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]