Below is a "judo" trick, using HTTP redirection for Apache, to deflect the nimda GETs back to the attacker.
I suppose some of you MS aces could try to come up with equivalent for IIS? Len ---------------- >From: pat parrinello <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: [isp-linux] Buaaa Haaa Ha Haaaaaaaaa... >Date: Fri, 21 Sep 2001 12:23:51 -0500 >X-Mailer: KMail [version 1.2] >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >X-INTM-Message-Id: ><INTM-62637-1230220-2001.09.21-12.25.24--lconrad#[EMAIL PROTECTED]> >X-Virus-Scanned: by VirusGate.MEIway.com >X-RCPT-TO: <[EMAIL PROTECTED]> > > > RedirectMatch (.*)\cmd.exe$ http://127.0.0.1 > > Server Judo. > > Stick it in server directory container in httpd.conf > Restart apache >-- >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >~~Linux-In a world with no fences, who needs Gates??~~ > Oxymoron of the century: Microsoft Security >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >Penguinistas! Find out the latest news, tips and opinions >making its way through the Linux industry. >http://www.linuxplanet.com/linuxplanet/ > >_____________ The ISP-LINUX Discussion List _____________ >To Join: mailto:[EMAIL PROTECTED] >To Remove: mailto:[EMAIL PROTECTED] >Archives: http://isp-lists.isp-planet.com/isp-linux/archives/ http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways ______________________________________________________________________ The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc. Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED] Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4 To Manage your Subscription......... http://humankindsystems.com/lists
