I have been able to reduce the effect of the Nimda worm by implementing Host Headers. Now every nimda originated request gets a 404, before some were sent a 404, but also some error 500. This works because the worm scans base on IP only. Its not much of a help but the logs are now under control. Scans are about 10 times that of CodeRed.C so far. John Davidson ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 18:30:51 PDT