Date: Mon, 20 Aug 2001 18:31:28 -0400
From: Louis LeBlanc
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Code Red

On 08/20/01 09:44 PM, Mark Rowlands sat at the `puter and typed:
> On Monday 20 August 2001 21:14, you wrote:
> > On 08/20/01 09:33 AM, Tim Erlin sat at the `puter and typed:
> > > Doesn't Code Red leave a backdoor open on the servers
> > > it's infected? Anyone explored ways to respond to the
> > > http requests that shutdown IIS on the offending
> > > server?
> > > What would the legal implications of doing so
> > > be -- self-defense?
> > >
> > > --Tim
> >
> > Is there really a way to shut down these servers?
>
> yes
>
> >
> > As far as legal implications, I think self defense is damn suitable as
> > a reason for sending such a command. It is actually unlikely that the
> > administrator of many of the systems still sending out these requests
> > even know they are running anyway.
>
> it is illegal, and never that, how would you feel if you had missed something
> on one of your servers and some kind soul came along and hacked it ....would
> you sleep well at night knowing someone else, who may or may not be well
> intentioned, has been in your server. I know I'd be hitting the restore
> button and contacting my local law enforcement agency.
>
> snip

Not sure what you mean by 'some kind soul', but I have only the one
server. It isn't by any means a mission critical system, except that I
get grumpy when I don't have my email :|. But my main problem is
someone else's failure to keep up with their system causing any kind of
trouble on mine. I'm not crazy about spam either :@

If you mean how would I feel if I were on the other side of this
shutdown message, I don't know. I guess in my current situation, I
wouldn't get too steamed about it if it prompted an investigation that
led me to the real problem, but if I were administering a bank of
commercial servers, I might or might not feel the same way. Hard to
tell without going thru it.

> snip...
>
> There are plenty of quite trivial scripting options for this, or you can just
> grep your logs and mail em to www.dhield.org or www.aris.com who are
> organising mass buggings of ISPs.
>
> as to the rant, well it bugs the hell out of me too but you can't let it
> reduce your own standards of behaviour. :-)

Understood. Guess I needed a good talking to. Thanks. :)

I'll have to check out the options you mentioned.
If I can get my 404.php to send me mail any time my server gets a bad
hit, I guess I can set up a script (perl maybe) to grope my logs from a
cron job and just send it off to someone else.

Thanks!
Lou
--
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net

Saliva causes cancer, but only if swallowed in small amounts over a
long period of time.
    -- George Carlin
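
The log-scanning cron job discussed in the message above, as an added example that is not part of the original post: it picks Code Red probes out of a web server access log and summarises them per source host for a report. It assumes Apache common/combined log format and matches the worm's well-known `GET /default.ida?` request followed by a long run of `N` (original) or `X` (Code Red II) filler; the function names and sample lines are constructed for illustration.

```python
import re
from collections import OrderedDict

# Assumed format: host ident user [time] "request" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
# Probe signature: /default.ida? plus a long run of one filler character.
PROBE_RE = re.compile(r'^GET /default\.ida\?(N{20,}|X{20,})')

def scan(lines):
    """Return {source_host: {"count", "first", "last", "filler"}} for probe hits."""
    hits = OrderedDict()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-access-log lines
        host, when, request, _status = m.groups()
        p = PROBE_RE.match(request)
        if not p:
            continue  # ordinary request
        rec = hits.setdefault(
            host, {"count": 0, "first": when, "last": when, "filler": set()})
        rec["count"] += 1
        rec["last"] = when
        rec["filler"].add(p.group(1)[0])
    return hits

def report(hits):
    """Plain-text summary; empty string when there is nothing to report."""
    if not hits:
        return ""
    out = ["%d host(s) sent default.ida probes:" % len(hits)]
    for host, rec in sorted(hits.items(), key=lambda kv: -kv[1]["count"]):
        out.append("%-15s hits=%d filler=%s first=[%s] last=[%s]" % (
            host, rec["count"], "".join(sorted(rec["filler"])),
            rec["first"], rec["last"]))
    return "\n".join(out)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [20/Aug/2001:18:02:11 -0400] "GET /default.ida?' + "N" * 224 + ' HTTP/1.0" 404 276',
    '198.51.100.7 - - [20/Aug/2001:18:03:40 -0400] "GET /default.ida?' + "X" * 224 + ' HTTP/1.0" 404 276',
    '192.0.2.10 - - [20/Aug/2001:18:09:52 -0400] "GET /default.ida?' + "N" * 224 + ' HTTP/1.0" 404 276',
    '203.0.113.5 - - [20/Aug/2001:18:10:01 -0400] "GET /index.html HTTP/1.0" 200 1043',
    'not an access log line',
]

if __name__ == "__main__":
    print(report(scan(SAMPLE)))
```

Run from cron, the output of `report()` can be piped to a mail command; an empty report produces no output, so quiet days generate no mail.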