Re: nimda probes
Sam Varghese wrote:
> > Code Red, for instance, wouldn't follow redirects.
>
> try calling default.ida from my server --
>
> http://www.gnubies.com/default.ida
What for? If I do so with a browser, I'll presumably get redirected. But
the virus wouldn't, because IT ISN'T A BROWSER AND DOESN'T SUPPORT HTTP
REDIRECTS.
Let's be clear on how redirects work. If someone requests default.ida
from your machine, he gets back a response saying, "redirect to
microsoft.com". A regular web browser will handle this by automatically
issuing a request to microsoft.com, but that's only because browsers
have error handling code that knows what an HTTP redirect is and what to
do with it. The virus isn't a browser and doesn't support redirects, so
setting one up is a complete waste of time that accomplishes nothing.
Craig
Reply to: