Date:      Mon, 20 Aug 2001 15:14:25 -0400
From:      Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Code Red
Message-ID:  <20010820151425.A35762@acadia.ne.mediaone.net>
In-Reply-To: <20010820163305.60779.qmail@web11706.mail.yahoo.com>
References:  <20010820113337.A34996@acadia.ne.mediaone.net> <20010820163305.60779.qmail@web11706.mail.yahoo.com>

On 08/20/01 09:33 AM, Tim Erlin sat at the `puter and typed:
> Doesn't Code Red leave a backdoor open on the servers
> it's infected? Anyone explored ways to respond to the
> http requests that shutdown IIS on the offending
> server? What would the legal implications of doing so
> be -- self-defense?
> 
> --Tim

Is there really a way to shut down these servers?  If so, I think I 
could find a way to hack my 404.php script to send that message 
automatically.  I'd have already set up an autoresponder, but most of
those machines are not running their own mailservice, so I just try to 
minimize the impact on my system.

As far as legal implications, I think self defense is damn suitable as 
a reason for sending such a command.  It is actually unlikely that the
administrator of many of the systems still sending out these requests 
even know they are running anyway.  After all, the M$ way is "Install 
EVERYTHING, and enable EVERYTHING! Then let the admins sort it out."

It's a real pain in the ass if you ask me.  And as far as self 
defense, these systems are draining resources for no useful or 
beneficial reason - I don't care how small the drain is from each 
individual request, when you get thousands of these in a day, the 
effect *is* noticeable.  And the purpose of these requests *is* 
malicious, whether the system's owner/operator knows it's there or not.

So, I think I wouldn't hesitate to set up such an autoresponse to
these messages.  I doubt 90% of the people on the other end would have
a problem with it or even know about it.  And as for those that do, I
have every right to set policy on my system for handling malicious
traffic of any kind.  Why don't I just look up the IP and let them
know?  Because this will take less of MY TIME away from me.  I am not
here to administer their system and protect them from themselves or
anyone else.  Besides, if they just happen to have IIS installed
because M$ thought they would want it, they probably don't need it
anyway and may not even know it's there.  If they are running IIS
explicitly for commercial or other reasons, they should damn well know
better than to ignore all the hype that's been going on about this.
If they don't know that they could have an infected install by now,
they probably don't even have a clue they have it!

/RANT

Sorry, I got carried away there.  Bit of a nut when M$ causes shit
like this. (but I'd still like to know if these systems can be shut
down like that!)

Lou
-- 
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net

Random, n.:
  As in number, predictable.  As in memory access, unpredictable.
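An added example, not code from Lou's message or from anyone in this thread: since the question is what to do with the thousands of Code Red requests that land on a 404 handler, the log-side counterpart is to pick the probes out of the access log and tally them per source address, so a block list or a per-IP policy can be driven from the counts rather than from hand lookups. It assumes the well-known Code Red request signature (a GET for /default.ida followed by a long run of N, or X for the later variant, then the %u-encoded payload) and an Apache-style combined log; the log lines are constructed for the demo and are not real traffic.

```python
"""
Added example (not from the original list posting): spot Code Red probe
requests in an Apache-style access log and count them per source IP.

Assumptions (mine, not the thread's): the probe signature is the
well-known "GET /default.ida?NNN..." (or "XXX..." for the second variant)
request, and the sample log lines below are constructed for the demo.
"""
import re
from collections import Counter

# Apache "combined" log format, loosely parsed: client IP, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

# Code Red's HTTP request: GET /default.ida with a long run of N (v1/v2)
# or X (the later variant) followed by the %u-encoded overflow payload.
CODE_RED_RE = re.compile(r'^GET /default\.ida\?(N{50,}|X{50,})')


def is_code_red_probe(request_line: str) -> bool:
    """True when the request line matches the Code Red probe signature."""
    return bool(CODE_RED_RE.match(request_line))


def probe_sources(log_lines, threshold=1):
    """Return {ip: count} for IPs whose Code Red probe count >= threshold.

    Lines that do not parse as combined-format log entries are skipped.
    """
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if is_code_red_probe(m.group('req')):
            hits[m.group('ip')] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


# Constructed sample lines (not real traffic); RFC 5737 documentation addresses.
PAYLOAD = '%u9090%u6858%ucbd3'
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2001:15:01:02 -0400] "GET /default.ida?'
    + 'N' * 224 + PAYLOAD + ' HTTP/1.0" 404 1234',
    '192.0.2.10 - - [20/Aug/2001:15:03:07 -0400] "GET /default.ida?'
    + 'N' * 224 + PAYLOAD + ' HTTP/1.0" 404 1234',
    '198.51.100.7 - - [20/Aug/2001:15:04:11 -0400] "GET /default.ida?'
    + 'X' * 224 + PAYLOAD + ' HTTP/1.0" 404 1234',
    '203.0.113.5 - - [20/Aug/2001:15:05:00 -0400] "GET /index.html HTTP/1.0" 200 5432',
    # Not a probe: a bare request for the ISAPI extension with no payload.
    '203.0.113.5 - - [20/Aug/2001:15:05:01 -0400] "GET /default.ida HTTP/1.0" 404 1234',
]

if __name__ == "__main__":
    for ip, n in sorted(probe_sources(SAMPLE_LOG).items()):
        print(f"{ip}: {n} Code Red probe(s)")
```

The threshold argument is what turns this into policy: a single hit is enough to know a host is infected, but a higher threshold lets you reserve a firewall block for the sources that are actually eating resources, which is the complaint in the message above.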

