Try installing this in your modules/tcl directory:
# procedure to reflect nimda virus calls to (maybe) crash the attacker instead
ns_log notice "loading nimda.tcl"
ns_register_filter preauth GET /scripts/* nimda
proc nimda {conn ignore} {
set req [ns_conn request]
set reqlist [split $req " "]
set url [lindex $reqlist 1]
set host [ns_conn peeraddr]
ns_returnredirect http://$host$url
return
}
ns_log notice "nimda.tcl loaded"
Also available at http://www.rubylane.com/public/nimda.tcl.txt
It tells the attacker to attack himself. Not sure if it'll follow the
redirect, but it's worth a shot.
Jim
>
> And still more information is at
> http://www.infoworld.com/articles/hn/xml/01/09/18/010918hnworm.xml?0918alert
>
- [AOLSERVER] Code Rainbow attacks Freddie Mendoza
- Re: [AOLSERVER] Code Rainbow attacks Rusty Brooks
- Re: [AOLSERVER] Code Rainbow attacks Tom Jackson
- Re: [AOLSERVER] Code Rainbow attacks Rusty Brooks
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Dave Siktberg
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Chuck Kimber
- Re: [AOLSERVER] Code Rainbow attacks Michael Roberts
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Michael A. Cleverly
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Tom Jackson
- Re: [AOLSERVER] Code Rainbow attacks Daniel P. Stasinski
