As you may be aware, Nimda will actually share out your C:\. At first, when I felt I should 'do my part' I would actively place a README.TXT file on their All Users\Desktop directory explaining that they had the virus, which allowed me to access their computer and place this file - and could they please clean it up and do the world a favour.
These days, I really don't have the time or patience. :) Oh, and another thing, what I found was the majority of the people with this 'problem' were Joe Users with Personal Webserver, probably connecting up via a dynamic IP connection - therefore, I wouldn't recommend 'black-listing' IP addresses, I don't think its worth the time. Stephan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Kempe Sent: Saturday, 5 January 2002 12:09 AM To: Rich Buggy; [EMAIL PROTECTED] Subject: Re: [SLUG] newbie trying to secure his box > > Twits running IIS who have been infected with nimda and codered. You can't > > do much else but ignore it, or block them. Either way, you get to > > pay for > > the traffic. Kinda like SPAM, really. > > The only effective solution I can think of is to have the web server > rewrite URL's that are known to indicate infected machines so they > call a cgi script. The cgi would then need to connect to another > process which has > access to modify the ip tables in the kernel to block that IP address. This > would allow the first connection through but block the subsequent > ones. Has > anyone tried this? Did you find software to do it or write it > yourself? > > Rich I don't actually see how any attempts to block the traffic at your host will prevent you being charged for that traffic. It may stop filling up your logs if you are running an active web server, but for the effort logs are fairly cheap things. The only useful thing I see in this would be to alert dumb NT admins that their boxes have worms and need cleaning out ASAP... Dave -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
