Most of them wouldn't have the sense to know what NMAP is, much less run a xNIX box so they could use it effectively. I took System Administration at RIT last quarter (IT major, unique huh?), and most of the students in our class wouldn't go near NMAP. A CLI? Surely you jest. Much easier to run another scanner that will do the attack for you, and provide pretty graphics to boot. But even a lame Windows-based GUI port scanner will identify the omputer as "NOT Windows, not anything NEAR Windows."
As for remedying the situation, I'd suggest something a bit more evil than just a static 404 page... like one that changes the attacker's start page to naughtypeaches.com or something that Stef would enjoy. But that would be running malicious code on a server and that would be wrong. (Then again, if they have Nimda they have enough problems, it should be redirecting them to Symantec, no?) >;) |
