The web server will respond with some amount of traffic. I'd imagine the
302 redirect response would be shorter, overall, than a 404 response with
a "not found" page--especially if the site has a custom 404 page.
If the worm actually follows the redirect it will end up talking to itself
and, hence, won't generate any additional Internet traffic.
I am using:
ns_register_proc GET /*.exe nimda_worm
ns_register_proc POST /*.exe nimda_worm
ns_register_proc HEAD /*.exe nimda_worm
proc nimda_worm {} {
set ip [ns_conn peeraddr]
set url http://$ip/[ns_conn url]?[ns_conn query]
ns_log warning "Probable Nimda Worm Detected from $ip, redirecting to $url"
ns_returnredirect $url
}
On Tue, 18 Sep 2001, Chuck Kimber wrote:
> The problem with doing this is that this thing is already causing DoS
> symptoms on the internet due to the massive amount of traffic it is causing.
> Returning it will only double network traffic. Are you sure you want to add
> to the problem?
