I realize that readers might be getting tired of the pipe-related tricks, but here's a quick one that may be of use to anyone running a webserver from OSX. As you realize, the Net is in for yet another round of annoyance with the introduction of the nimda worm. Like its CodeRed predecessors, it primarily targets Microsoft IIS servers, not Apache which is installed by default with OSX. While Apache is immune to this PARTICULAR attack**, it is still affected by the fact that an infected Windows system will launch hundreds of attempts to find other vulnerable systems, thereby creating a denial-of-service situation across the Internet.
Anyhow, if you do serve HTTP from your OSX box, here's a quick way to check if a nimda-infected system has contacted yours:
grep -i "_vti_bin" /var/log/httpd/access_log* | cut -f 1 -d ' ' | sort | uniqto show all the unique IPs of infected systems. Or you could add:
| wc -lto the end of the above command to just see the total number of different attempts made.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20010918233003581