Re: nimda probes
On: Thursday, September 20, 2001 2:09 PM, sam@gnubies.com
> > > the worm wouldn't even know the difference, to it it looks like it would
> > > hit Microsoft's site from your url if it tries those extensions.
> > Not correct, it gets a Redirect as the response, and it's its
> > responsibility to follow it, unless it's using a toolkit that does so
> > automatically.
> >
> > Code Red, for instance, wouldn't follow redirects.
> try calling default.ida from my server --

Here is the request:

GET /default.ida HTTP/1.0

Here is what your server returns:

HTTP/1.1 302 Found
Date: Thu, 20 Sep 2001 22:18:42 GMT
Server: Apache/1.3.9 (Unix) Debian/GNU
Location: http://www.gnubies.com/mess.html
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A
HREF="http://www.gnubies.com/mess.html">here</A>.<P>
</BODY></HTML>
The Location: header signals the user agent that the resource is
at a different location (redirect). The user agent is usually a
browser that knows how to do this (the HTML code is there
in case it does not). Code Red ignores Location:. Don't know
if Nimda does or not.
-g
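
The behaviour described in this message, as an added example that is not part of the original post: a client that sends the bare request never acts on Location:, while an HTTP toolkit follows it, and the server's request log shows the difference. The loopback server, the relative Location: value and all names (RedirectHandler, start_server, raw_client_status, following_client) are assumptions made for the demonstration.

```python
import http.server
import socket
import threading
import urllib.request

PROBE_PATH = "/default.ida"  # path from the request quoted above
TARGET_PATH = "/mess.html"   # assumed relative form of the quoted Location: target


class RedirectHandler(http.server.BaseHTTPRequestHandler):
    """Constructed loopback stand-in: 302 on the probe path, 200 elsewhere."""
    seen = []  # every path requested, i.e. what the server log would show

    def do_GET(self):
        self.seen.append(self.path)
        redirect = self.path == PROBE_PATH
        body = b"" if redirect else b"redirect target reached\n"
        self.send_response(302 if redirect else 200)
        if redirect:
            self.send_header("Location", TARGET_PATH)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request stderr logging
        pass


def start_server():
    """Bind an ephemeral loopback port and serve in a daemon thread."""
    server = http.server.HTTPServer(("127.0.0.1", 0), RedirectHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[1]


def raw_client_status(port):
    """Send the bare request and read the reply; Location: is never acted on."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(f"GET {PROBE_PATH} HTTP/1.0\r\n\r\n".encode())
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return int(data.split(b" ", 2)[1])


def following_client(port):
    """A toolkit client: urllib follows the 302 on its own, as a browser would."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(f"http://127.0.0.1:{port}{PROBE_PATH}") as r:
        return r.status, r.geturl()
```

After one call to each client, RedirectHandler.seen holds a single entry for the raw client and two for the following client, which is how the two behaviours can be told apart in an access log.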