durusmail: quixote-users: Rejecting requests when using Quixote+Medusa
Rejecting requests when using Quixote+Medusa
Jim Dukarm
2003-12-27
--------- Greg Ward: [re redirect to yahoo.com] ----------------
> That seems rather rude to yahoo.  Surely they have enough worm-load
> already.  If the worms actually implement redirecting (unlikely), a
> redirect to 127.0.0.1 would be much more appropriate.  ;->

Yes, I thought about the possibility that garbage traffic might be
sent onto Yahoo, and I only went through with the idea when I figured
out that the scanners would not actually follow up on a redirect.

Using 127.0.0.1 would have been exactly The Right Thing, but I didn't
think of it. In the end, it turns out that any response to one of
these worms tends to stimulate further probes, so the redirect idea
backfired.

On the other hand, the technique of simply not responding to improper
requests seems to be working. I think I am seeing less scanning and
probing activity now. There have been no repeat visits from any single
I.P. address, anyway. (All the rejected requests are logged, so I
still know what is going on).

Jim Dukarm
DELTA-X RESEARCH
Victoria BC Canada


