[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: nimda probes

On: Thursday, September 20, 2001 2:09 PM, sam@gnubies.com
> > > the worm wouldn't even know the difference, to it it looks like it
> > > hit microsofts site from your url if it tries those extentions.

> > Not correct, it gets a Redirect as the response, and it's its
> > responsibility to follow it, unless it's using a toolkit that does so
> > automatically.
> >
> > Code Red, for instance, wouldn't follow redirects.

> try calling default.ida from my server --

Here is the request:

    GET /default.ida HTTP/1.0

Here is what your server returns:

    HTTP/1.1 302 Found
    Date: Thu, 20 Sep 2001 22:18:42 GMT
    Server: Apache/1.3.9 (Unix) Debian/GNU
    Location: http://www.gnubies.com/mess.html
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    <TITLE>302 Found</TITLE>
    The document has moved <A

The Location: header signals the user agent that the resource is
at a different location (redirect).  The user agent is usually a
browser that knows how to do this (the HTML code is there
in case it does not).  Code Red ignores Location:.  Don't know
if nimba does or not.


Reply to: