[Esd-l] Nimda/IIS worms defense.
Bill Larson
blarson at compu.net
Mon Sep 24 06:44:01 PDT 2001
I know, I think the affect is mostly psychological but several people have
said that the worm requests slows down dramatically once they put those in.
So who knows.
----- Original Message -----
From: "Peter Hanecak" <hanecak at megaloman.com>
To: "John D. Hardin" <jhardin at impsec.org>
Cc: "Email Security Discussion list" <Esd-l at spconnect.com>
Sent: Monday, September 24, 2001 1:39 AM
Subject: Re: [Esd-l] Nimda/IIS worms defense.
> Hello,
>
> On Fri, 21 Sep 2001, John D. Hardin wrote:
>
> > On Fri, 21 Sep 2001, Bill Larson wrote:
> >
> > > RedirectMatch (.*)\cmd.exe$ http://127.0.0.1/
> > > RedirectMatch (.*)\default.ida$ http://127.0.0.1/
> > > RedirectMatch (.*)\root.exe$ http://127.0.0.1/
> >
> > Gawd! I wonder how many times the webserer would reinfect itself
> > before it came grinding to a halt...?
>
> well, NIMDA is not a browser so IMO it just ignores request results
> whether it is OK, ERROR or MOVED. Thus such redirect (again IMO) wont
> cause more reinfections (or more trafic) to infected site. Same as CodeRed
> sending ISS exploits to Apache servers not caring about result (i.e.
> actively checking it or whatever).
>
> Sincerely
>
> Peter Hanecak
>
> --
> ===================================================================
> Peter Hanecak <hanecak at megaloman.com>
> GPG pub.key: http://www.megaloman.com/gpg/hanecak-megaloman.txt
> ===================================================================
> _______________________________________________
> Esd-l mailing list
> Esd-l at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esd-l
More information about the esd-l
mailing list