
Re: nimda probes



Sam Varghese wrote:

> > Code Red, for instance, wouldn't follow redirects.
> 
> try calling default.ida from my server -- 
> 
> http://www.gnubies.com/default.ida

What for? If I do so with a browser, I'll presumably get redirected. But
the virus wouldn't, because IT ISN'T A BROWSER AND DOESN'T SUPPORT HTTP
REDIRECTS.

Let's be clear on how redirects work. If someone requests default.ida
from your machine, he gets back a response saying, "redirect to
microsoft.com". A regular web browser will handle this by automatically
issuing a request to microsoft.com, but that's only because browsers
have error handling code that knows what an HTTP redirect is and what to
do with it. The virus isn't a browser and doesn't support redirects, so
setting one up is a complete waste of time that accomplishes nothing.

Craig
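
The behaviour described in the message above, as an added example that is not part of the original post: a redirect is only a response, and nothing reaches the redirect target unless the client parses `Location` and issues a second request. The two servers on 127.0.0.1 are constructed stand-ins for the redirecting host and the redirect target, `urllib` stands in for a browser, and the bare-socket client stands in for any client with no redirect handling.

```python
import http.server, socket, threading, urllib.request

hits = {"origin": 0, "target": 0}  # requests seen by each constructed local server

def make_handler(name, redirect_to=None):
    """Handler that counts requests; answers 302 if redirect_to is set, else 200."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            hits[name] += 1
            self.send_response(302 if redirect_to else 200)
            if redirect_to:
                self.send_header("Location", redirect_to)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler

def start(handler):
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)  # port 0: pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def raw_get(port, path):
    """One request on a bare socket; returns the status line. Location is never parsed."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(f"GET {path} HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n".encode())
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return data.split(b"\r\n", 1)[0].decode()

def demo():
    hits["origin"] = hits["target"] = 0
    target = start(make_handler("target"))
    origin = start(make_handler("origin", f"http://127.0.0.1:{target.server_port}/"))
    url = f"http://127.0.0.1:{origin.server_port}/default.ida"
    status = raw_get(origin.server_port, "/default.ida")
    after_raw = dict(hits)          # the target has seen nothing
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    opener.open(url).read()         # redirect-aware client makes the second request
    after_following = dict(hits)
    origin.shutdown(); target.shutdown()
    return status, after_raw, after_following

if __name__ == "__main__":
    print(demo())
```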


