Date:      Mon, 20 Aug 2001 21:44:55 +0200
From:      Mark Rowlands <mark.rowlands@minmail.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Code Red
Message-ID:  <01082021445504.04869@pcmarpxy.tninet.se>
In-Reply-To: <20010820151425.A35762@acadia.ne.mediaone.net>
References:  <20010820113337.A34996@acadia.ne.mediaone.net> <20010820163305.60779.qmail@web11706.mail.yahoo.com> <20010820151425.A35762@acadia.ne.mediaone.net>

On Monday 20 August 2001 21:14, you wrote:
> On 08/20/01 09:33 AM, Tim Erlin sat at the `puter and typed:
> > Doesn't Code Red leave a backdoor open on the servers
> > it's infected? Anyone explored ways to respond to the
> > http requests that shutdown IIS on the offending
> > server? What would the legal implications of doing so
> > be -- self-defense?
> >
> > --Tim
>
> Is there really a way to shut down these servers?  

yes

> If so, I think I
> could find a way to hack my 404.php script to send that message
> automatically.  I'd have already set up an autorespond, but most of
> those machines are not running their own mailservice, so I just try to
> minimize the impact on my system.


>
> As far as legal implications, I think self defense is damn suitable as
> a reason for sending such a command.  It is actually unlikely that the
> administrator of many of the systems still sending out these requests
> even know they are running anyway.

it is illegal, and never that, how would you feel if you had missed something
on one of your servers and some kind soul came along and hacked it ... would
you sleep well at night knowing someone else, who may or may not be well
intentioned, has been in your server? I know I'd be hitting the restore
button and contacting my local law enforcement agency.

snip

> So, I think I wouldn't hesitate to set up such an autoresponse to
> these messages.  I doubt 90% of the people on the other end would have
> a problem with it or even know about it.  And as for those that do, I
> have every right to set policy on my system for handling malicious
> traffic of any kind.  Why don't I just look up the IP and let them
> know?  Because this will take less of MY TIME away from me.  I am not
> here to administer their system and protect them from themselves or
> anyone else.  

snip...

There are plenty of quite trivial scripting options for this, or you can just
grep your logs and mail em to www.dhield.org or www.aris.com who are
organising mass buggings of ISPs.

as to the rant, well it bugs the hell out of me too but you can't let it
reduce your own standards of behaviour.  :-)
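
The log-grep approach suggested in the reply above, as an added example that is not part of the original message: it tallies Code Red probes per source address from an Apache access log so the summary can be attached to a report. The Common Log Format layout, the function names `sample_log` and `codered_report`, and the sample lines are assumptions constructed here.

```shell
#!/bin/sh
# Added example (not from the original message): summarise Code Red probes
# found in an Apache access log in Common Log Format.

# Constructed sample input: documentation address ranges, padding shortened.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [20/Aug/2001:19:02:11 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [20/Aug/2001:19:05:40 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [20/Aug/2001:19:06:02 +0200] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [20/Aug/2001:20:47:29 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
203.0.113.5 - - [20/Aug/2001:21:01:13 +0200] "GET /default.ida?q=test HTTP/1.0" 404 276
EOF
}

# Reads log lines on stdin and prints "<ip> <hits> <variant> <first> <last>",
# busiest source first. The variant is taken from the padding character after
# "?": N = original Code Red, X = Code Red II.
codered_report() {
    awk '
    # Field 7 is the request path; require a run of padding so that an
    # ordinary request for /default.ida is not counted.
    $7 ~ /^\/default\.ida\?(NNNN|XXXX)/ {
        ip = $1
        ts = substr($4, 2)                 # drop the leading "["
        v  = (substr($7, 14, 1) == "N") ? "CodeRed" : "CodeRedII"
        if (!(ip in hits)) { first[ip] = ts; variant[ip] = v }
        else if (variant[ip] != v) variant[ip] = "mixed"
        hits[ip]++
        last[ip] = ts
    }
    END {
        for (ip in hits)
            print ip, hits[ip], variant[ip], first[ip], last[ip]
    }' | sort -k2,2nr -k1,1
}

# Against a real log: codered_report < /path/to/access_log
sample_log | codered_report
```

The first-seen and last-seen timestamps are what an ISP abuse desk needs to match a dynamic address to a customer, so keep the time zone offset from the log alongside the report.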
