Totally off the topic of Perl but..

use iptables if on Linux, you need the string filtering module, e.g.

$IPT -A INPUT -p tcp --destination-port 80 -m string --string "SEARCH"
+ -j REJECT --reject-with tcp-reset
[download]

and the same rule beforehand with a LOG target..

Matching a length with iptables failed for me - I couldn't figure out the real length. I think the reason is what shows up in your logs is not what's on the wire -- which is hex as I read you can use the hex-string module for iptables, but you have to build this by hand and recompile your kernel..

What you can do with perl :^P is to parse your log files to see how successful you've been in blocking it.

Also turn off icmp with iptables. IIRC that exploit begins after a good ping. I've eliminated them totally using the above..

-harold