a real way to stop an http based worm

From: Gert-Jan Hagenaars (blenderat_private)
Date: Fri Sep 07 2001 - 14:00:26 PDT

Next message: Meritt James: "permission (was: Re: illegal cheer"

Previous message: Meritt James: "let others do it (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Next in thread: Jose Nazario: "Re: a real way to stop an http based worm"
Reply: Jose Nazario: "Re: a real way to stop an http based worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Can this be done on the web-proxy boxes that the ISPs have on their
networks?  I.e. dunk anything that looks for "/default.ida?blah"?

This way the (in this case: minimal) cost _is_ deflected back to the ISPs,
and traffic doesn't even go onto their backbone to waste bandwidth.

_AND_ this would be a completely technical solution. 

CHeers,
Gert-Jan.

-- 
+++++++++++++ -------- +++++ --- ++ - +0+ + ++ +++ +++++ ++++++++ +++++++++++++
sed '/^[when][coders]/!d         G.J.W. Hagenaars -- gj at hagenaars dot com
    /^...[discover].$/d          Remembering Mike Carty 1968-1994
   /^..[real].[code]$/!d         UltrixIrixAIXHPUXSunOSLinuxBSD, nothing but nix
' /usr/dict/words                I'm Dutch, what's _your_ excuse?

Next message: Meritt James: "permission (was: Re: illegal cheer"
Previous message: Meritt James: "let others do it (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Next in thread: Jose Nazario: "Re: a real way to stop an http based worm"
Reply: Jose Nazario: "Re: a real way to stop an http based worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 14:39:19 PDT