> Looking at my logs, it seems to work:
>
> GET /cmd.dll HTTP/1.0" 302
>
> GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302

Yeah, but just because your Apache sends a 302 code back to the Nimda box doesn't mean it will use this information and hit www.microsoft.com. If you redirected it to another one of your own boxes and watched this happen (302 on the Redirect box, 404 on your second box, from the same IP) I'd believe it.

Even better, check out http://www.incidents.org/LaBrea/

It's a utility that pretends to be unused IP addresses, and when a scanner hits one of these addresses the daemon holds the connection open permanently.

Chris
--
Christopher S. Swingley          phone: 907-474-2689
Computer / Network Manager       email: [EMAIL PROTECTED]
IARC -- Frontier Program         GPG and PGP keys at my web page:
University of Alaska Fairbanks   www.frontier.iarc.uaf.edu/~cswingle

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- Ben Franklin
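
The check proposed in the reply above (a 302 on the redirect box followed by a 404 on a second box from the same IP), as an added example that is not part of the original message. The log lines are constructed, and the function names and the 60-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Apache common log format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample logs (documentation IP ranges), one list per box.
REDIRECT_BOX = [
    '192.0.2.10 - - [20/Sep/2001:10:15:01 -0800] "GET /cmd.dll HTTP/1.0" 302 289',
    '198.51.100.7 - - [20/Sep/2001:10:16:40 -0800] '
    '"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 289',
]
TARGET_BOX = [
    '192.0.2.10 - - [20/Sep/2001:10:15:02 -0800] "GET /cmd.dll HTTP/1.0" 404 276',
    '203.0.113.5 - - [20/Sep/2001:10:20:00 -0800] "GET /index.html HTTP/1.0" 404 276',
]

def parse(lines):
    """Yield (ip, time, path, status) for each well-formed log line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, ts, path, status = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def followed_redirects(redirect_log, target_log, window=timedelta(seconds=60)):
    """Map each client IP to the 404 requests it made on the second box
    within `window` after being sent a 302 by the redirect box."""
    sent = {}
    for ip, when, _, status in parse(redirect_log):
        if status == 302:
            sent.setdefault(ip, []).append(when)
    followed = {}
    for ip, when, path, status in parse(target_log):
        if status == 404 and any(
            timedelta(0) <= when - t <= window for t in sent.get(ip, [])
        ):
            followed.setdefault(ip, []).append(path)
    return followed

def ignored_redirects(redirect_log, target_log):
    """IPs that were sent a 302 but never showed up on the second box."""
    sent = {ip for ip, _, _, status in parse(redirect_log) if status == 302}
    return sorted(sent - set(followed_redirects(redirect_log, target_log)))

if __name__ == "__main__":
    print("followed:", followed_redirects(REDIRECT_BOX, TARGET_BOX))
    print("ignored: ", ignored_redirects(REDIRECT_BOX, TARGET_BOX))
```

An IP listed under "followed" is evidence the client acted on the redirect; one listed under "ignored" only shows that the 302 was sent.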