[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: iptables filtering rules

On Mon, Mar 25, 2002 at 06:01:45AM -0300, Luiz Carlos Santos de Alencar wrote:
> Andrew Tait wrote:
> I've checked up one of that IPs; it's being used right now by a web
> server pretty much infected with I-Worm.Nimda.A! AVG identification.
> The standard page delivers a "readme.eml" file in a pop-up  window;
> less then a minute to have an infected "readme.exe" being executed.
> I've heard about it, but never had seen until then.
> From a Linux box is safe to acess http  216.72.135.102  and  verify
> that the host is infecting all the Window$ based visitors machines,
> using X/wav OE vulnerability, so far I know (*Atention* Do not try
> from a Win box; it's vulnerable).
> By the way, what to do about it...

    The polite thing to do is to inform the owner of the machine. 

    If that is not possible, or you feel particularly bastardly, hack
    the freaken thing and wipe it's drives.

    And/or contact their upstream provider to get their IP feed pulled. 

-- 
Share and Enjoy. 


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: