[Dshield] Look at this Nitwit
keith at keithbergen.com
Wed Jan 28 23:12:33 GMT 2004
There was some talk on this list about putting a fake default.ida file out
there. I can't remember exactly what the consensus was (if there was one).
Check through the archives, I remember quite a lot of discussions on the
code red and nimda viruses.
It would seem to me that a zero-byte default.ida would take less outgoing
bandwidth than a URL 404 message, but I may be over-simplifying it.
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of David Hart
Sent: Wednesday, January 28, 2004 5:41 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Look at this Nitwit
On Wed, 2004-01-28 at 16:50, Keith Bergen wrote:
> Yes. That is a Windows IIS server that is infected with the
> Nimda virus and trying to propagate it to your box. There's
> probably not a lot you can do about it apart from sending an
> email to his provider with the logs. . . .
How do you feel about a zero-byte default.ida? It saves some cycles. any
Quality Management - A Commitment to Excellence
More information about the list