Hi, you can always ask ARIN (whois whois.arin.net <ip>) or (in Europe) RIPE (whois.ripe.net), it will give you the administrative contact(s) for the netblock the questioned ip is in. I hacked a small shell script which takes an access_log file from my servers, extracts the nimda-type requests, does a lookup of the admin's email and sends him _one_ mail (with URLs pointing to NIMDA informations and how to remove it). Can't tell how successful I was with this attempt, but sent out 350 mails and received no "shut up"... Thomas -----Ursprungliche Nachricht----- Von: Alexey N. Solofnenko [mailto:alexeys@citechlabs.com] Gesendet: Montag, 24. September 2001 22:03 An: suse-security@suse.com Betreff: RE: [suse-security] Is it possible to return something, so Nimda would crash? Is it possible to retrieve administrator's email address from IIS? Or there is always a standard admin address. _____ < http://members.home.com/asolofnenko/ > Alexey N. Solofnenko < http://www.inventigo.com/ Inventigo LLC Pleasant Hill, CA (GMT-8 usually) -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com