-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
you could, of course, throw a few sleep() stmnts in there
to get the script to output a few bytes every few seconds
and keep the connection active... :-)
> -----Original Message-----
> From: Scott Brown [mailto:[EMAIL PROTECTED]]
> Subject: RE: [PHP] new one is it ??
>
>
> Unfortunately, you're punishing the infected person, rather than the
> instigator of the worm.
>
> I've read of people developing perl scriptlets that basically hold the
> connection open as long as possible by fooling the other side into thinking
> that it's got a host it's infecting... thereby slowing down the propagation
> of the worm. The numbers I saw indicated that with version 1 of the worm,
> and it's 100 threads, holding a connection as long as possible before timing
> out (which is what, 5 minutes?) slows the propagation of the worm 265,000%
>
> But (personally) I dont think it's appropriate to lash back against an
> infected machine (though a quick "why dont you patch your @#(*)( machines"
> to the network owner has been known to occur on occasion when I get hit by
> many many servers within a given netblock).
>
> > -----Original Message-----
> > From: scott [gts] [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, August 13, 2001 10:38 AM
> > To: php
> > Subject: RE: [PHP] new one is it ??
> >
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > what about something like this ?
> > (just configure apache to have PHP handle *.ida files)
> >
> > <?
> > // this is so our script won't time out
> > set_time_limit(0);
> >
> > // how many bytes of junk to generate
> > $jsize = 1024 * 10;
> > // how many times to print $junk
> > $jout = 1;
> >
> > // generate some random junk
> > $n = 0;
> > while ($n++ < $jsize) {
> > $junk .= chr( rand(1,200) );
> > }
> >
> > $i = 0;
> > while ( $i++ < $jout ) {
> > print $junk;
> > }
> >
> > ?>
> >
> > > -----Original Message-----
> > > From: Tim [mailto:[EMAIL PROTECTED]]
> > > Subject: Re: [PHP] new one is it ??
> > >
> > >
> > > Boy that looks familiar...my (apache) logs are full of 'em.
> > >
> > > I wonder if we can make a PHP script called default.ida
> > that sends back
> > > a big chunk of data and causes the worm to get a buffer
> > overflow? :) :)
> > >
> > > - Tim (glad I don't run IIS :)
> > >
> > > On 13 Aug 2001 22:27:06 +0800, Mark Lo wrote:
> > > > 208.251.146.123 - - [13/Aug/2001:22:24:27 +0800] "GET
> > > >
> > /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> > NNNNNNNNNNNNNN
> > > >
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> > NNNNNNNNNNNNNN
> > > >
> > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> > NNNNNNNNNNNNNN
> > > >
> > NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u909
> > 0%u6858%ucbd3%
> > > >
> > u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0
> > 000%u00=a
> > > > HTTP/1.0" 400 333 - "-" "-"
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
> >
> > iQA/AwUBO3fmM8aXTGgZdrSUEQKRAgCgrGf+r6Fma17L39tEVp8lwanC+FwAoJlz
> > l7k1s47s8EdDHnM+jLZzDuL2
> > =z2GG
> > -----END PGP SIGNATURE-----
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
> > [EMAIL PROTECTED]
> >
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBO3foz8aXTGgZdrSUEQITGQCgwxmL0KexmBSj+FBC4uyv6XXhr30AoJie
j67nEMhjOm2Jh8w4tLaofCSq
=CpO9
-----END PGP SIGNATURE-----
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
