Date: Mon, 20 Aug 2001 18:31:28 -0400
From: Louis LeBlanc <leblanc+freebsd@acadia.ne.mediaone.net>
To: freebsd-questions@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: Code Red
Message-ID: <20010820183127.A36064@acadia.ne.mediaone.net>
In-Reply-To: <01082021445504.04869@pcmarpxy.tninet.se>
References: <20010820113337.A34996@acadia.ne.mediaone.net> <20010820163305.60779.qmail@web11706.mail.yahoo.com> <20010820151425.A35762@acadia.ne.mediaone.net> <01082021445504.04869@pcmarpxy.tninet.se>

On 08/20/01 09:44 PM, Mark Rowlands sat at the `puter and typed:
> On Monday 20 August 2001 21:14, you wrote:
> > On 08/20/01 09:33 AM, Tim Erlin sat at the `puter and typed:
> > > Doesn't Code Red leave a backdoor open on the servers
> > > it's infected? Anyone explored ways to respond to the
> > > http requests that shutdown IIS on the offending
> > > server? What would the legal implications of doing so
> > > be -- self-defense?
> > >
> > > --Tim
> >
> > Is there really a way to shut down these servers?
>
> yes
>
> <SNIP>
> >
> > As far as legal implications, I think self defense is damn suitable as
> > a reason for sending such a command. It is actually unlikely that the
> > administrator of many of the systems still sending out these requests
> > even know they are running anyway.
>
> it is illegal, and never that, how would you feel if you had missed something
> on one of your servers and some kind soul came along and hacked it ....would
> you sleep well at night knowing someone else, who may or may not be well
> intentioned, has been in your server. I know I'd be hitting the restore
> button and contacting my local law enforcement agency.
>
> snip

Not sure what you mean by 'some kind soul', but I have only the one
server. It isn't by any means a mission critical system, except that
I get grumpy when I don't have my email :|. But my main problem is
someone else's failure to keep up with their system causing any kind of
trouble on mine. I'm not crazy about spam either :@

If you mean how would I feel if I were on the other side of this
shutdown message, I don't know. I guess in my current situation, I
wouldn't get too steamed about it if it prompted an investigation that
led me to the real problem, but if I were administering a bank of
commercial servers, I might or might not feel the same way. Hard to
tell without going thru it.

> snip...
>
> There are plenty of quite trivial scripting options for this, or you can just
> grep your logs and mail em to www.dhield.org or www.aris.com who are
> organising mass buggings of ISPs.
>
> as to the rant, well it bugs the hell out of me too but you can't let it
> reduce your own standards of behaviour. :-)

Understood. Guess I needed a good talking to. Thanks. :)

I'll have to check out the options you mentioned. If I can get my
404.php to send me mail any time my server gets a bad hit, I guess I
can set up a script (perl maybe) to grope my logs from a cron job and
just send it off to someone else.

Thanks!
Lou
--
Louis LeBlanc       leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net

Saliva causes cancer, but only if swallowed in small amounts over a
long period of time.
                -- George Carlin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
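The log-scanning approach discussed in the message above, as an added example that is not part of the original thread (Python rather than the Perl the poster mentions). It assumes an Apache Common Log Format access log and the publicly documented Code Red probe shape, `GET /default.ida?` followed by a long run of `N` (original worm) or `X` (Code Red II); the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample lines in Apache Common Log Format. Addresses come from
# documentation ranges; the worm payload after the padding is omitted.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Aug/2001:18:02:11 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [20/Aug/2001:18:05:40 -0400] "GET /index.html HTTP/1.0" 200 1432
192.0.2.10 - - [20/Aug/2001:18:09:02 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
203.0.113.55 - - [20/Aug/2001:18:12:47 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
198.51.100.7 - - [20/Aug/2001:18:13:03 -0400] "GET /default.ida HTTP/1.0" 404 270
this line is truncated garbage
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+')
# A probe is /default.ida with a long run of a single filler character.
PROBE_RE = re.compile(r'^/default\.ida\?(?P<pad>N{16,}|X{16,})', re.IGNORECASE)
VARIANT = {"N": "Code Red", "X": "Code Red II"}

def summarize(log_text):
    """Return {ip: {"variant", "hits", "first", "last"}} for probe requests."""
    hosts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the cron run
        probe = PROBE_RE.match(m.group("uri"))
        if not probe:
            continue  # ordinary request, or /default.ida without padding
        rec = hosts.setdefault(m.group("ip"), {
            "variant": VARIANT[probe.group("pad")[0].upper()],
            "hits": 0, "first": m.group("ts")})
        rec["hits"] += 1
        rec["last"] = m.group("ts")
    return hosts

def report(hosts):
    """One tab-separated line per source address, busiest first."""
    rows = sorted(hosts.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return "\n".join(
        f'{ip}\t{r["variant"]}\thits={r["hits"]}\tfirst={r["first"]}\tlast={r["last"]}'
        for ip, r in rows)

if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

Run from cron against the real access log, the report text gives each source address with first and last timestamps, which is what an ISP abuse contact or a log-collection service needs to identify the infected host.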