[Dshield] Code Red Data Collection.
security at admin.fulgan.com
Tue Aug 7 11:50:38 GMT 2001
JS> If the virus writer is smart they will ignore a redirect. Are you
JS> sure this will work?
My understanding is that the worm uses wiinet.dll to do it's evil
scanning and, therefore, it will follow the redirect. It makes sens:
it wants to infect a web server so, if you give it two chances out of
a single one, that's all bonus...
Good luck, Stephane
JS> "Johannes B. Ullrich" wrote:
>> Is easier... we just log everything that goes to
>> 'feeds.dshield.org/default.ida' and use our apache access_log/error_log to
>> analyze the data.
security mailto:security at admin.fulgan.com
More information about the list