Re: nimda probes
On: Thursday, September 20, 2001 2:09 PM, email@example.com
> > > the worm wouldn't even know the difference, to it it looks like it
> > > hit microsofts site from your url if it tries those extentions.
> > Not correct, it gets a Redirect as the response, and it's its
> > responsibility to follow it, unless it's using a toolkit that does so
> > automatically.
> > Code Red, for instance, wouldn't follow redirects.
> try calling default.ida from my server --
Here is the request:
GET /default.ida HTTP/1.0
Here is what your server returns:
HTTP/1.1 302 Found
Date: Thu, 20 Sep 2001 22:18:42 GMT
Server: Apache/1.3.9 (Unix) Debian/GNU
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
The document has moved <A
The Location: header signals the user agent that the resource is
at a different location (redirect). The user agent is usually a
browser that knows how to do this (the HTML code is there
in case it does not). Code Red ignores Location:. Don't know
if nimba does or not.