Security Incidents mailing list archives
Nimda Worm Mitigation
From: "John Davidson" <jwd_ods () monisys ca>
Date: Tue, 18 Sep 2001 19:56:13 -0400
I have been able to reduce the effect of the Nimda worm by implementing Host Headers. Now every nimda originated request gets a 404, before some were sent a 404, but also some error 500. This works because the worm scans base on IP only. Its not much of a help but the logs are now under control. Scans are about 10 times that of CodeRed.C so far. John Davidson ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda Worm Mitigation John Davidson (Sep 18)
- RE: Nimda Worm Mitigation Jason Lewis (Sep 18)
- RE: Nimda Worm Mitigation: Snort Kain X (Sep 19)
- <Possible follow-ups>
- FW: Nimda Worm Mitigation Jason Lewis (Sep 19)
- Apache rewrite rules and error msgs & Nimda Chris Stephens (Sep 19)
- RE: Nimda Worm Mitigation Jason Lewis (Sep 18)