dman wrote:
>
> On Fri, Sep 21, 2001 at 09:29:11AM -0500, Keith G. Murphy wrote:
> | DvB wrote:
> ...
> | > You could always set up a tarpit:
> | >
> | > http://www.hackbusters.net/LaBrea/
> | >
> | How is this different from, or better than, CodeRedneck?
>
> If you read the page, it says that La
On Fri, Sep 21, 2001 at 09:29:11AM -0500, Keith G. Murphy wrote:
| DvB wrote:
...
| > You could always set up a tarpit:
| >
| > http://www.hackbusters.net/LaBrea/
| >
| How is this different from, or better than, CodeRedneck?
If you read the page, it says that LaBrea is the next generation of
Co
DvB wrote:
>
> "Brooks R. Robinson" <[EMAIL PROTECTED]> writes:
>
> > > > the worm wouldn't even know the difference, to it it looks like it would
> > > > hit microsoft's site from your url if it tries those extensions.
> > >
> > > Not correct, it gets a Redirect as the response, and it's its
> >
on Fri, Sep 21, 2001 at 12:07:55AM -0700, Erik Steffl ([EMAIL PROTECTED]) wrote:
> "Karsten M. Self" wrote:
> ...
> > In /var/lib/dpkg:
> >
> > 32504 info
> > 4564 available-old
> > 4564 available
> > 2816 methods
> >
> > ...is it possible to clear out the 'info' direct
"Karsten M. Self" wrote:
...
> In /var/lib/dpkg:
>
> 32504 info
> 4564 available-old
> 4564 available
> 2816 methods
>
> ...is it possible to clear out the 'info' directory? This contains the
> list, md5sums, postinst, postrm, preinst, prerm, and shlibs files for
> pac
on Thu, Sep 20, 2001 at 04:55:23PM +1000, Sam Varghese ([EMAIL PROTECTED])
wrote:
> Nicholas Petreley had this suggestion for redirecting
> nimda probes using Apache:
>
> RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com
>
> Of course, one can choose to redirect the request anywhere.
On Thu, Sep 20, 2001 at 09:50:17AM -0500, John Hasler wrote:
| Adam McDaniel writes:
| > the worm wouldn't even know the difference, to it it looks like it would
| > hit microsoft's site from your url if it tries those extensions.
|
| And then Microsoft will accuse you of a DOS attack.
How so? *Y
also sprach Brooks R. Robinson (on Thu, 20 Sep 2001 04:12:17PM -0500):
> What about port forwarding? It'd still up the CPU usage on a machine, but
> would it have the same results? I so much want to do this.
sure, that would work. if you can afford the bandwidth. i got 2.7Gb in
four hours in mer
On Thu, Sep 20, 2001 at 10:17:30AM -0600, Adam McDaniel wrote:
> > > And then Microsoft will accuse you of a DOS attack.
> >
> > Couldn't you just claim that your machine was infected?
>
> either way, it's microsoft's fault anyway :)
>
well, they released the patch almost a year ago.. it's thei
On: Thursday, September 20, 2001 2:09 PM, [EMAIL PROTECTED]
> > > the worm wouldn't even know the difference, to it it looks like it would
> > > hit microsoft's site from your url if it tries those extensions.
> > Not correct, it gets a Redirect as the response, and it's its
> > responsibility to f
> Looking at my logs, it seems to work:
>
> GET /cmd.dll HTTP/1.0" 302
>
> GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302
Yeah, but just because your Apache sends a 302 code back to
the Nimda box doesn't mean it will use this information and hit
www.microsoft.com. If you redirected it to an
Sam Varghese wrote:
> Looking at my logs, it seems to work:
>
> GET /cmd.dll HTTP/1.0" 302
>
> GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302
>
> Same Apache redirect response as for /default.ida
> and that, I know, works.
Depends what you mean by "works". Apache is sending the redirect me
On Fri, Sep 21, 2001 at 07:24:45AM +1000, Sam Varghese wrote:
| On Thu, Sep 20, 2001 at 09:20:23AM -0700, Greg Wiley wrote:
| > On Wednesday, September 19, 2001 11:55 PM, [EMAIL PROTECTED]
| >
| > > Nicholas Petreley had this suggestion for redirecting
| > > nimda probes using Apache:
| >
| > >
On Thu, 20 Sep 2001 16:12:17 CDT, "Brooks R. Robinson" writes:
>> > the worm wouldn't even know the difference, to it it looks like it would
>> > hit microsoft's site from your url if it tries those extensions.
>>
>> Not correct, it gets a Redirect as the response, and it's its
>> responsibility to
"Brooks R. Robinson" <[EMAIL PROTECTED]> writes:
> > > the worm wouldn't even know the difference, to it it looks like it would
> > > hit microsoft's site from your url if it tries those extensions.
> >
> > Not correct, it gets a Redirect as the response, and it's its
> > responsibility to follow i
Sam Varghese wrote:
> > Code Red, for instance, wouldn't follow redirects.
>
> try calling default.ida from my server --
>
> http://www.gnubies.com/default.ida
What for? If I do so with a browser, I'll presumably get redirected. But
the virus wouldn't, because IT ISN'T A BROWSER AND DOESN'T SU
On Thu, Sep 20, 2001 at 09:20:23AM -0700, Greg Wiley wrote:
> On Wednesday, September 19, 2001 11:55 PM, [EMAIL PROTECTED]
>
> > Nicholas Petreley had this suggestion for redirecting
> > nimda probes using Apache:
>
> > RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com
>
> Heh. I won
> > the worm wouldn't even know the difference, to it it looks like it would
> > hit microsoft's site from your url if it tries those extensions.
>
> Not correct, it gets a Redirect as the response, and it's its
> responsibility to follow it, unless it's using a toolkit that does so
> automatically.
On Thu, Sep 20, 2001 at 10:30:02AM -0400, Alan Shutko wrote:
> Adam McDaniel <[EMAIL PROTECTED]> writes:
>
> > the worm wouldn't even know the difference, to it it looks like it would
> > hit microsoft's site from your url if it tries those extensions.
>
> Not correct, it gets a Redirect as the re
also sprach John Hasler (on Thu, 20 Sep 2001 09:50:17AM -0500):
> And then Microsoft will accuse you of a DOS attack.
no, they'd be proud of all the traffic.
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
--
"it appe
also sprach Adam McDaniel (on Thu, 20 Sep 2001 07:49:40AM -0600):
> the worm wouldn't even know the difference, to it it looks like it would
> hit microsoft's site from your url if it tries those extensions.
wrong. apache sends an HTTP Redirect, and it's still the client's job
to execute the redire
also sprach Sam Varghese (on Thu, 20 Sep 2001 04:55:23PM +1000):
> Nicholas Petreley had this suggestion for redirecting
> nimda probes using Apache:
>
> RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com
well, this would definitely cause micro$oft to claim "Over 20 billion
accesses in t
On Wednesday, September 19, 2001 11:55 PM, [EMAIL PROTECTED]
> Nicholas Petreley had this suggestion for redirecting
> nimda probes using Apache:
> RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com
Heh. I wonder if nimda actually responds to redirects.
-=greg
On Thu, Sep 20, 2001 at 04:53:02PM +0100, Hereward Cooper wrote:
> once upon a time John Hasler <[EMAIL PROTECTED]> said:
>
> > Adam McDaniel writes:
> > > the worm wouldn't even know the difference, to it it looks like it would
> > > hit microsoft's site from your url if it tries those extenti
once upon a time John Hasler <[EMAIL PROTECTED]> said:
> Adam McDaniel writes:
> > the worm wouldn't even know the difference, to it it looks like it would
> > hit microsoft's site from your url if it tries those extensions.
>
> And then Microsoft will accuse you of a DOS attack.
Couldn't you j
Adam McDaniel writes:
> the worm wouldn't even know the difference, to it it looks like it would
> hit microsoft's site from your url if it tries those extensions.
And then Microsoft will accuse you of a DOS attack.
--
John Hasler
[EMAIL PROTECTED] (John Hasler)
Dancing Horse Hill
Elmwood, WI
Adam McDaniel <[EMAIL PROTECTED]> writes:
> the worm wouldn't even know the difference, to it it looks like it would
> hit microsoft's site from your url if it tries those extensions.
Not correct, it gets a Redirect as the response, and it's its
responsibility to follow it, unless it's using a too
On Thu, Sep 20, 2001 at 09:15:58AM -0400, dman wrote:
> On Thu, Sep 20, 2001 at 04:55:23PM +1000, Sam Varghese wrote:
> | Nicholas Petreley had this suggestion for redirecting
> | nimda probes using Apache:
> |
> | RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com
>
> This is clever. I
On Thu, Sep 20, 2001 at 04:55:23PM +1000, Sam Varghese wrote:
| Nicholas Petreley had this suggestion for redirecting
| nimda probes using Apache:
|
| RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com
This is clever. I wonder, though, if the worm will actually follow
the redirect.
-D
On Thu, Sep 20, 2001 at 04:55:23PM +1000, Sam Varghese wrote:
> Nicholas Petreley had this suggestion for redirecting
> nimda probes using Apache:
>
> RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com
That is so tempting...
Mike
--
Michael P. Soulier <[EMAIL PROTECTED]>,