AW: Apache hack attempts

From: Stefan Osterlitz (ostrlitz@blox.de)
Date: 08/13/01


From: "Stefan Osterlitz" <ostrlitz@blox.de>
To: "'Martin Glazer'" <martin.glazer@montage-dmc.com>, "'Brian Clifton'" <brian@omegadm.co.uk>
Subject: AW: Apache hack attempts
Date: Mon, 13 Aug 2001 18:57:53 +0200
Message-ID: <C5FEADB4FB3EE543959CE43DEE2ABE4E35ED@trendserver.blox.blox.ag>


> This brought forth an idea...
>
> > A nice post from Xavi. Modify httpd.conf as follows:
> >
> > Redirect /default.ida http://www.microsoft.com/default.ida
> >
>
> I am not an expert on scripting or the way Code Red operates, but
can
> someone not create a defailt.ida script which would redirect the
worm
> back to the attacking IP? Something similar to Early Bird <
> http://www.securityfocus.com/tools/2137 >, but cause the worm to
> reinfect it's host machine. If enough of this takes place, it
> may crash
> the offending machine/worm.
>
> Is this possible or worthwhile doing?

Not with Code Red. Code Red checks for the existance of the
"c:\notworm" file.
If it is found, the host is not reinfected.

It would not be kind, too.
Would you do this to the MS patch servers <gg>?

Stefan Osterlitz



Relevant Pages

  • Re: Apache hack attempts
    ... Modify httpd.conf as follows: ... I am not an expert on scripting or the way Code Red operates, ... someone not create a defailt.ida script which would redirect the worm ... reinfect it's host machine. ...
    (Focus-Linux)
  • Re: Apache hack attempts
    ... >> A nice post from Xavi. ... Modify httpd.conf as follows: ... > I am not an expert on scripting or the way Code Red operates, ... > reinfect it's host machine. ...
    (Focus-Linux)