AW: Apache hack attempts
From: Stefan Osterlitz (ostrlitz@blox.de)Date: 08/13/01
- Previous message: Derek D. Martin: "Re: securing a network with nfs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Stefan Osterlitz" <ostrlitz@blox.de> To: "'Martin Glazer'" <martin.glazer@montage-dmc.com>, "'Brian Clifton'" <brian@omegadm.co.uk> Subject: AW: Apache hack attempts Date: Mon, 13 Aug 2001 18:57:53 +0200 Message-ID: <C5FEADB4FB3EE543959CE43DEE2ABE4E35ED@trendserver.blox.blox.ag>
> This brought forth an idea...
>
> > A nice post from Xavi. Modify httpd.conf as follows:
> >
> > Redirect /default.ida http://www.microsoft.com/default.ida
> >
>
> I am not an expert on scripting or the way Code Red operates, but
can
> someone not create a defailt.ida script which would redirect the
worm
> back to the attacking IP? Something similar to Early Bird <
> http://www.securityfocus.com/tools/2137 >, but cause the worm to
> reinfect it's host machine. If enough of this takes place, it
> may crash
> the offending machine/worm.
>
> Is this possible or worthwhile doing?
Not with Code Red. Code Red checks for the existance of the
"c:\notworm" file.
If it is found, the host is not reinfected.
It would not be kind, too.
Would you do this to the MS patch servers <gg>?
Stefan Osterlitz
- Previous message: Derek D. Martin: "Re: securing a network with nfs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
