Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Nimda Worm

  • From: Mike Jackson
  • Date: Tue Sep 18 17:57:22 2001 
One of the spread methods has to do with retrieving a file called
"readme.eml" from the infected web servers.  Adding this to my Cisco
HBAR code red config seems to at least keep my customers from becoming
infected using that method.

class-map match-any http-hacks
  .. code red stuff..
   match protocol http url "*readme.eml"

Can anyone confirm exactly what filenames the email spread version uses?

-- 

Mike Jackson <mhjack@tscnet.com>
Vice-President
TSCNet, Inc.

Phone: 360-308-0205
Fax: 360-698-7789
http://www.tscnet.com


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.