Re: "suspicious" apache log entries

To: debian-security@lists.debian.org
Subject: Re: "suspicious" apache log entries
From: Michael Renzmann <mrenzmann@dylanic.de>
Date: Tue, 10 Sep 2002 14:15:14 +0200
Message-id: <[🔎] 3D7DE252.5050508@dylanic.de>
References: <[🔎] 20020910095824.GA37101@doorstop.net> <[🔎] ABEKLOAPHGEAANDBAIFFAEKCCHAA.mmweber@ncpro.com> <[🔎] 20020910115301.A18717@pigeonhold.com>

Hi.

Doug Winter wrote:

It claimed that the HTTP libraries used by Nimda and Code Red were
generic, and could be fooled by sending a redirect response like:
Location: http://127.0.0.1/

Nice idea. Would it be enough to redirect them to the localhost-ip, orshould the URI of the original request be appended to the redirection?


Bye, Mike

Reply to:

References:
- Re: "suspicious" apache log entries
  - From: Vineet Kumar <debian-security@virtual.doorstop.net>
- AW: "suspicious" apache log entries
  - From: "Marcel Weber" <mmweber@ncpro.com>
- Re: "suspicious" apache log entries
  - From: Doug Winter <doug@pigeonhold.com>

Prev by Date: Re: AW: "suspicious" apache log entries
Next by Date: Re: "suspicious" apache log entries
Previous by thread: Re: "suspicious" apache log entries
Next by thread: Re: AW: "suspicious" apache log entries
Index(es):
- Date
- Thread