This also goes back to the heart of whether or not it is legal / ethical to shut someone's system down.
Blocking access is one thing, trying to shut a server down is quite another in my opinion. I actually did have a script running that would sucessfully block out pretty close to 100% of all nimda related "infection" attempts via ipchains / hosts.deny . On any server I run, I'm certainly not going to try to shut down the server attempting to infect me. If I did so, I'd be opening myself up to a potential lawsuit from the company running the infected server. Send an e-mail to their admin, or block off their access, but don't shut their machine down. It's a legally questionable move to do that. Michael -- Michael Viron <[EMAIL PROTECTED]> Core Systems Group Simple End User Linux At 07:10 AM 4/29/2002 -0400, you wrote: >> Hello, would anyone know where I can find >> a script that would shut down or stop >> a nimda infected server? >> >> I can no longer tolerate this nimda, >> blocking does not work, there are some >> addresses that still get though and I don't >> know how the little buggers do it, so I >> want to make my web server send back a command >> that will shut off the infected server. >> >> Thanks to those that can help. >> >> Ibly >> > >Ibly, > >Do an archive search for a thread on HoneyPort. I believe you'll find it >on the expert archive. You can also find some information if you do a >search for Labrea Tarpit on Google. That should help you in what you're >looking to do. It will at least trap the incoming connection attempt and >keep it from sucking up yer bandwidth/server resources. However, it >won't send a term signal back to the offending computer. For that you're >going to have to do a little more searching on Google. But those >programs are out there. > >You may also find a few references to programs such as this in the >expert archives if you search long enough. > >Mark > > >Want to buy your Pack or Services from MandrakeSoft? >Go to http://www.mandrakestore.com >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
