Oops - has a bug: should be "return filter_return" at the end... -Jim
>
> Try installing this in your modules/tcl directory:
>
> # procedure to reflect nimda virus calls to (maybe) crash the attacker instead
> ns_log notice "loading nimda.tcl"
> ns_register_filter preauth GET /scripts/* nimda
> proc nimda {conn ignore} {
> set req [ns_conn request]
> set reqlist [split $req " "]
> set url [lindex $reqlist 1]
> set host [ns_conn peeraddr]
> ns_returnredirect http://$host$url
> return
> }
> ns_log notice "nimda.tcl loaded"
>
> Also available at http://www.rubylane.com/public/nimda.tcl.txt
>
> It tells the attacker to attack himself. Not sure if it'll follow the
> redirect, but it's worth a shot.
>
> Jim
>
> >
> > And still more information is at
> > http://www.infoworld.com/articles/hn/xml/01/09/18/010918hnworm.xml?0918alert
> >
>
- [AOLSERVER] Code Rainbow attacks Freddie Mendoza
- Re: [AOLSERVER] Code Rainbow attacks Rusty Brooks
- Re: [AOLSERVER] Code Rainbow attacks Tom Jackson
- Re: [AOLSERVER] Code Rainbow attacks Rusty Brooks
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Dave Siktberg
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Chuck Kimber
- Re: [AOLSERVER] Code Rainbow attacks Michael Roberts
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Michael A. Cleverly
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Tom Jackson
- Re: [AOLSERVER] Code Rainbow attacks Daniel P. Stasinski
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
