> With the above facts in place wouldn't be possible to, on
> your server (i.e. the thing that's being attacked) :-
>
> a) add an association for .ida to point to the coldfusion
> engine.
>
> b) create a default.ida in which one captures the remote
> address of the system trying to do the exploit.
>
> c) having grabbed the address do a cfhttp back to that
> address using the backdoor created in code red V3 to disable
> ( or maybe fix ) that system. I was going to attach the code
> to do it but..................
>
> Or is this totally unethical - love to hear your thoughts
I think that it would be wrong to compromise someone else's system, even for
ostensibly good goals.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
