On Mon, 24 Sep 2001 22:00:53 -0400, "Fulton L. Preston Jr." wrote:
> I implemented the methods below on my IIS and Apache servers and it
> knocked all the local Nimda traffic dead in minutes. Nimda traffic from
> neighboring ISPs was way down within an hour. Since I am on a cable
> modem I can't control the rest of the network around me but this sure
> did shut them noisy infected boxes up in a hurry :)

For machines that don't run a web server, I wrote a short perl script that
will send an HTTP/1.1 Redirect to anyone attempting to access port 80. I'm
not very familiar with the HTTP protocol, so I may have done something that's
technically incorrect, but lynx honors the redirect just fine, so I think
it's OK. The script is appended to this message.

-- 
Kyle R. Hofmann <krhat_private>

-----Script begins here-----
#!/usr/bin/perl -Tw

use strict;
use IO::Socket;
use POSIX qw(strftime);

$::WEB_PORT = 80;

my ($server);
my ($client);

# Listen on the web port; binding to port 80 normally requires root.
$server = IO::Socket::INET->new(LocalPort => $::WEB_PORT,
                                Proto     => 'tcp',
                                Type      => SOCK_STREAM,
                                ReuseAddr => 1,
                                Listen    => SOMAXCONN )
    or die "I couldn't bind myself to port $::WEB_PORT: $!\n";

# Detach from the terminal's file handles and the current directory.
close(STDIN);
close(STDOUT);
close(STDERR);
chdir("/");

# Connections are handled one at a time, so a client that stalls
# mid-request holds up the ones queued behind it.
while ($client = $server->accept()) {
    my ($line);

    # Discard the request line and headers up to the blank line; stop
    # early if the client disconnects (readline returns undef).
    while (defined($line = <$client>) && $line !~ /^\s*$/) { }

    # HTTP header lines end in CRLF and Date is an HTTP-date in GMT.
    print $client "HTTP/1.1 301 Redirect\r\n";
    print $client "Date: ", strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime()), "\r\n";
    print $client "Location: http://127.0.0.1/\r\n";
    print $client "Content-Length: 0\r\n";
    print $client "Connection: close\r\n\r\n";

    $client->shutdown(2);
    close($client);
}

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com