[Dshield] Code Red Data Collection.

Johannes B. Ullrich jullrich at euclidian.com
Wed Aug 8 21:34:08 GMT 2001

On Wed, 8 Aug 2001, Joseph Shraibman wrote:

> OK I put this in my httpd.conf:
> <Location /default.ida*>
>     Deny from all
>     ErrorDocument 403 http://feeds.dshield.org/default.ida
> </Location>
> Do you want me to do something like change the trap to
> http://feeds.dshield.org/default.ida?trap-from-my.machine.com ?

Actually, it doesn't work this way :-(. The Code Red worm does not
behave like a 'regular' browser. It will not be redirected.

I have to come up with a different method :-((((

jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System

More information about the list mailing list