Date: Mon, 20 Aug 2001 03:15:30 -0400 (EDT) From: Tony Collen <manero@yossman.com> To: Alfred Perlstein <bright@mu.org> Cc: Wilko Bulte <wkb@freebie.xs4all.nl>, "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>, freebsd-security@FreeBSD.ORG Subject: Re: Code Red is from default setup Message-ID: <Pine.BSF.4.21.0108200314130.6892-100000@yossman.com> In-Reply-To: <20010820021249.A81307@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 20 Aug 2001, Alfred Perlstein wrote: > * Wilko Bulte <wkb@freebie.xs4all.nl> [010820 01:53] wrote: > > On Mon, Aug 20, 2001 at 08:50:57AM +0200, Carroll, D. (Danny) wrote: > > > > This is *FreeBSD* security, not MickeySoft latest bugs.. > > Agreed. Although it would be amusing to detect default.ida requests > and reply with a similar request the difference being that the reply > one reboots/shuts-down the infected box. > > I'm suprised no one has suggested crafting such a tool. Simple. Just request something like /scripts/root.exe?/c+rundll.exe+user.exe,exitwindows And the box should reboot. You might have to encode the periods and the commas though. -- Anthony Collen manero@manero.org http://manero.org -- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0108200314130.6892-100000>