[Dshield] Code Red Data Collection.

security@admin.fulgan.com security at admin.fulgan.com
Tue Aug 7 11:50:38 GMT 2001

JS> If the virus writer is smart they will ignore a redirect.  Are you
JS> sure this will work?

My understanding is that the worm uses wininet.dll to do its evil
scanning and, therefore, it will follow the redirect. It makes sense:
it wants to infect a web server so, if you give it two chances out of
a single one, that's all bonus...

Good luck, Stephane

JS> "Johannes B. Ullrich" wrote:
>> Is easier... we just log everything that goes to
>> 'feeds.dshield.org/default.ida' and use our apache access_log/error_log to
>> analyze the data.

Best regards,
 security                            mailto:security at admin.fulgan.com
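
The collection approach quoted above (log every request for `/default.ida` and analyze the Apache access_log) can be sketched as follows. This is an added example, not part of the original message or DShield's own tooling; it assumes Apache common log format, and the sample lines, addresses and query placeholder are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation addresses, placeholder query string).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Aug/2001:11:02:13 +0000] "GET /default.ida?CONSTRUCTED-PLACEHOLDER HTTP/1.0" 404 205
192.0.2.10 - - [07/Aug/2001:11:40:55 +0000] "GET /default.ida?CONSTRUCTED-PLACEHOLDER HTTP/1.0" 404 205
198.51.100.7 - - [07/Aug/2001:11:05:01 +0000] "GET /index.html HTTP/1.0" 200 1043
203.0.113.44 - - [07/Aug/2001:11:09:30 +0000] "GET /DEFAULT.IDA?CONSTRUCTED-PLACEHOLDER HTTP/1.0" 404 205
203.0.113.45 - - [07/Aug/2001:11:10:00 +0000] "GET /default.idaho HTTP/1.0" 404 205
this line is truncated garbage
"""

def summarize_default_ida(lines):
    """Return ({source: {count, first, last}}, unparsable_line_count)."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    skipped = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1          # keep a tally instead of silently dropping lines
            continue
        # Compare the path only, without the query string; IIS paths are
        # case-insensitive, so requests may arrive in any case.
        path = m.group("target").split("?", 1)[0]
        if path.lower() != "/default.ida":
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        rec = hits[m.group("host")]
        rec["count"] += 1
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(hits), skipped

if __name__ == "__main__":
    sources, bad = summarize_default_ida(SAMPLE_LOG.splitlines())
    for host, rec in sorted(sources.items()):
        print(host, rec["count"], rec["first"].isoformat(), rec["last"].isoformat())
    print("unparsable lines:", bad)
```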
