Re: nimda probes

To: debian-user@lists.debian.org
Subject: Re: nimda probes
From: Craig Dickson <crdic@yahoo.com>
Date: Thu, 20 Sep 2001 15:12:19 -0700
Message-id: <[🔎] 20010920151219.A14637@crdic.ath.cx>
In-reply-to: <[🔎] 20010921072445.A9455@sammo.gnubies.com>
References: <[🔎] 20010920165523.A7663@sammo.gnubies.com> <[🔎] 007b01c141f0$2a38b340$0464b10a@orthogony.net> <[🔎] 20010921072445.A9455@sammo.gnubies.com>

Sam Varghese wrote:

> Looking at my logs, it seems to work:
> 
> GET /cmd.dll HTTP/1.0" 302
> 
> GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302
> 
> Same Apache redirect response as for /default.ida
> and that, I know, works.

Depends what you mean by "works". Apache is sending the redirect message
that you want it to send. The virus is probably ignoring it, though.

Craig

Reply to:

References:
- nimda probes
  - From: Sam Varghese <sam@gnubies.com>
- Re: nimda probes
  - From: "Greg Wiley" <greg@orthogony.com>
- Re: nimda probes
  - From: Sam Varghese <sam@gnubies.com>

Prev by Date: Re: .config in kernel source?
Next by Date: Re: nimda probes
Previous by thread: Re: nimda probes
Next by thread: Re: nimda probes
Index(es):
- Date
- Thread