Instead of cfhttp do a "net send xxx.xxx.xxx.xxx "Your machine is infected
with code red".

Rich

> -----Original Message-----
> From: Dave Watts [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 13, 2001 11:15 AM
> To: CF-Talk
> Subject: RE: Total Fix For Code Red
> 
> 
> > With the above facts in place wouldn't it be possible to, on 
> > your server (i.e. the thing that's being attacked) :-
> > 
> > a) add an association for .ida to point to the coldfusion 
> > engine.
> > 
> > b) create a default.ida in which one captures the remote 
> > address of the system trying to do the exploit.
> > 
> > c) having grabbed the address do a cfhttp back to that 
> > address using the backdoor created in code red V3 to disable 
> > ( or maybe fix ) that system. I was going to attach the code 
> > to do it but..................
> > 
> > Or is this totally unethical - love to hear your thoughts
> 
> I think that it would be wrong to compromise someone else's 
> system, even for ostensibly good goals.
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496
> fax: (202) 797-5444
> 
>