Nimda Worm Mitigation

From: John Davidson (jwd_odsat_private)
Date: Tue Sep 18 2001 - 16:56:13 PDT

Next message: Homer Wilson Smith: "Re: Concept Virus(CV) V.5 - Quick analysis update"

Previous message: Brett Glass: "Re: nimda tries to send mail after reboot"
Next in thread: Jason Lewis: "RE: Nimda Worm Mitigation"
Reply: Jason Lewis: "RE: Nimda Worm Mitigation"
Reply: Jason Lewis: "FW: Nimda Worm Mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have been able to reduce the effect of the Nimda worm by implementing Host
Headers. Now every nimda originated request gets a 404, before some were
sent a 404, but also some error 500.

This works because the worm scans base on IP only.

Its not much of a help but the logs are now under control. Scans are about
10 times that of CodeRed.C so far.

John Davidson



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Homer Wilson Smith: "Re: Concept Virus(CV) V.5 - Quick analysis update"
Previous message: Brett Glass: "Re: nimda tries to send mail after reboot"
Next in thread: Jason Lewis: "RE: Nimda Worm Mitigation"
Reply: Jason Lewis: "RE: Nimda Worm Mitigation"
Reply: Jason Lewis: "FW: Nimda Worm Mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 18:30:51 PDT