> > Twits running IIS who have been infected with nimda and codered. You can't > > do much else but ignore it, or block them. Either way, you get to pay for > > the traffic. Kinda like SPAM, really. > > The only effective solution I can think of is to have the web server > rewrite URL's that are known to indicate infected machines so they call a > cgi script. The cgi would then need to connect to another process which has > access to modify the ip tables in the kernel to block that IP address. This > would allow the first connection through but block the subsequent ones. Has > anyone tried this? Did you find software to do it or write it yourself? > > Rich
I don't actually see how any attempts to block the traffic at your host will prevent you being charged for that traffic. It may stop filling up your logs if you are running an active web server, but for the effort logs are fairly cheap things. The only useful thing I see in this would be to alert dumb NT admins that their boxes have worms and need cleaning out ASAP... Dave -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
