Response to Code Red?

From: Tulchinskiy, Sasha (STulchinskiy@aspensys.com)
Date: 07/20/01 

Message-ID: <966D241E5D22D411A31900805F6FED6303CD862F@mailsvr1.aspensys.com>
From: "Tulchinskiy, Sasha" <STulchinskiy@aspensys.com>
To: focus-ids@securityfocus.com
Subject: Response to Code Red?
Date: Fri, 20 Jul 2001 09:37:51 -0400

Hi All,

Just an idea - could somebody develop a simple command-line utility that
takes IP as parameter and sends /default.ida?MUSTDIENN..400times..NNN=a to
port 80 on that IP? This way (if the site has not been defaced), IIS will
crash.

Most of IDS have ability to ran a batch file in response - we can
effectively stop scanning or at least slow them down.

Sasha.

Relevant Pages

  • Re: Best Plan of action for 2 forest.......
    ... PortQry reports the status of a port in one of the following ways: ... ..LISTENING This response indicates that a process is listening on the target ...
    (microsoft.public.windows.server.active_directory)
  • RE: MBSA and MSs attempts at "security"
    ... >the port status of TCP and UDP ports on a computer you choose. ... you can also query an LDAP service. ... LDAP query and interpret an LDAP server's response to ...
    (Focus-Microsoft)
  • RE: Using a dynamic request - response port
    ... Saravana Kumar ... I don't have any direct experience working with WSS adapter, ... You need to make sure, you are getting some response back from Sharepoint ... May be its worth investigating using a static solict-response send port ...
    (microsoft.public.biztalk.general)
  • Re: Cant connect to Mailserver
    ... chance yet to dig into the server and find out why. ... When I telnet to port 25 I should get a response from your exchange ... Are the correct ports open in the router? ...
    (microsoft.public.windows.server.sbs)
  • Re: how to set timeout for read command
    ... >> The shell will attempt to connect to that TCP port, get an error response, ... The desired behavior of the program is to ... in response to the refusal to open the connection. ... The remote machine has something listening on the port, ...
    (comp.unix.shell)
Loading