[Dshield] Look at this Nitwit

Keith Bergen keith at keithbergen.com
Wed Jan 28 23:12:33 GMT 2004


There was some talk on this list about putting a fake default.ida file out
there. I can't remember exactly what the consensus was (if there was one).
Check through the archives, I remember quite a lot of discussions on the
code red and nimda viruses.

It would seem to me that a zero-byte default.ida would take less outgoing
bandwidth than a URL 404 message, but I may be over-simplifying it.

Keith. 

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of David Hart
Sent: Wednesday, January 28, 2004 5:41 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Look at this Nitwit


On Wed, 2004-01-28 at 16:50, Keith Bergen wrote:
> Yes. That is a Windows IIS server that is infected with the
> Nimda virus and trying to propagate it to your box. There's 
> probably not a lot you can do about it apart from sending an 
> email to his provider with the logs. . . . 

Thanks

How do you feel about a zero-byte default.ida? It saves some cycles. any
downside?
> 

                               ---------
            Quality Management - A Commitment to Excellence




More information about the list mailing list