Try installing this in your modules/tcl directory: # procedure to reflect nimda virus calls to (maybe) crash the attacker instead ns_log notice "loading nimda.tcl" ns_register_filter preauth GET /scripts/* nimda proc nimda {conn ignore} { set req [ns_conn request] set reqlist [split $req " "] set url [lindex $reqlist 1] set host [ns_conn peeraddr] ns_returnredirect http://$host$url return } ns_log notice "nimda.tcl loaded" Also available at http://www.rubylane.com/public/nimda.tcl.txt It tells the attacker to attack himself. Not sure if it'll follow the redirect, but it's worth a shot. Jim > > And still more information is at > http://www.infoworld.com/articles/hn/xml/01/09/18/010918hnworm.xml?0918alert >
- [AOLSERVER] Code Rainbow attacks Freddie Mendoza
- Re: [AOLSERVER] Code Rainbow attacks Rusty Brooks
- Re: [AOLSERVER] Code Rainbow attacks Tom Jackson
- Re: [AOLSERVER] Code Rainbow attacks Rusty Brooks
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Dave Siktberg
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Chuck Kimber
- Re: [AOLSERVER] Code Rainbow attacks Michael Roberts
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Michael A. Cleverly
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Jim Wilcoxson
- Re: [AOLSERVER] Code Rainbow attacks Tom Jackson
- Re: [AOLSERVER] Code Rainbow attacks Daniel P. Stasinski