Re: nimda probes

2001-09-24 Thread Keith G. Murphy
dman wrote: On Fri, Sep 21, 2001 at 09:29:11AM -0500, Keith G. Murphy wrote: | DvB wrote: ... | You could always set up a tarpit: | | http://www.hackbusters.net/LaBrea/ | | How is this different from, or better than, CodeRedneck? If you read the page, it says that LaBrea is the

Re: nimda probes

2001-09-21 Thread Karsten M. Self
on Thu, Sep 20, 2001 at 04:55:23PM +1000, Sam Varghese ([EMAIL PROTECTED]) wrote: Nicholas Petreley had this suggestion for redirecting nimda probes using Apache: RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com Of course, one can choose to redirect the request anywhere

Re: nimda probes

2001-09-21 Thread Erik Steffl
Karsten M. Self wrote: ... In /var/lib/dpkg: 32504 info 4564 available-old 4564 available 2816 methods ...is it possible to clear out the 'info' directory? This contains the list, md5sums, postinst, postrm, preinst, prerm, and shlibs files for packages. I

Re: nimda probes

2001-09-21 Thread Karsten M. Self
on Fri, Sep 21, 2001 at 12:07:55AM -0700, Erik Steffl ([EMAIL PROTECTED]) wrote: Karsten M. Self wrote: ... In /var/lib/dpkg: 32504 info 4564 available-old 4564 available 2816 methods ...is it possible to clear out the 'info' directory? This contains

Re: nimda probes

2001-09-21 Thread Keith G. Murphy
DvB wrote: Brooks R. Robinson [EMAIL PROTECTED] writes: the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. Not correct, it gets a Redirect as the response, and it's its responsibility to

Re: nimda probes

2001-09-21 Thread dman
On Fri, Sep 21, 2001 at 09:29:11AM -0500, Keith G. Murphy wrote: | DvB wrote: ... | You could always set up a tarpit: | | http://www.hackbusters.net/LaBrea/ | | How is this different from, or better than, CodeRedneck? If you read the page, it says that LaBrea is the next generation of

nimda probes

2001-09-20 Thread Sam Varghese
Nicholas Petreley had this suggestion for redirecting nimda probes using Apache: RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com Of course, one can choose to redirect the request anywhere. Sam -- (Sam Varghese) http://www.gnubies.com

Re: nimda probes

2001-09-20 Thread Michael P. Soulier
On Thu, Sep 20, 2001 at 04:55:23PM +1000, Sam Varghese wrote: Nicholas Petreley had this suggestion for redirecting nimda probes using Apache: RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com That is so tempting... Mike -- Michael P. Soulier [EMAIL PROTECTED], GnuPG

Re: nimda probes

2001-09-20 Thread dman
On Thu, Sep 20, 2001 at 04:55:23PM +1000, Sam Varghese wrote: | Nicholas Petreley had this suggestion for redirecting | nimda probes using Apache: | | RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com This is clever. I wonder, though, if the worm will actually follow the redirect. -D

Re: nimda probes

2001-09-20 Thread Adam McDaniel
On Thu, Sep 20, 2001 at 09:15:58AM -0400, dman wrote: On Thu, Sep 20, 2001 at 04:55:23PM +1000, Sam Varghese wrote: | Nicholas Petreley had this suggestion for redirecting | nimda probes using Apache: | | RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com This is clever. I

Re: nimda probes

2001-09-20 Thread Alan Shutko
Adam McDaniel [EMAIL PROTECTED] writes: the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. Not correct, it gets a Redirect as the response, and it's its responsibility to follow it, unless it's using a

Re: nimda probes

2001-09-20 Thread John Hasler
Adam McDaniel writes: the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. And then Microsoft will accuse you of a DOS attack. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI

Re: nimda probes

2001-09-20 Thread Hereward Cooper
once upon a time John Hasler [EMAIL PROTECTED] said: Adam McDaniel writes: the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. And then Microsoft will accuse you of a DOS attack. Couldn't you just claim

Re: nimda probes

2001-09-20 Thread Adam McDaniel
On Thu, Sep 20, 2001 at 04:53:02PM +0100, Hereward Cooper wrote: once upon a time John Hasler [EMAIL PROTECTED] said: Adam McDaniel writes: the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. And

Re: nimda probes

2001-09-20 Thread Greg Wiley
On Wednesday, September 19, 2001 11:55 PM, [EMAIL PROTECTED] Nicholas Petreley had this suggestion for redirecting nimda probes using Apache: RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com Heh. I wonder if nimda actually responds to redirects. -=greg

Re: nimda probes

2001-09-20 Thread Martin F Krafft
also sprach Sam Varghese (on Thu, 20 Sep 2001 04:55:23PM +1000): Nicholas Petreley had this suggestion for redirecting nimda probes using Apache: RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com Well, this would definitely cause micro$oft to claim Over 20 billion accesses

Re: nimda probes

2001-09-20 Thread Martin F Krafft
also sprach Adam McDaniel (on Thu, 20 Sep 2001 07:49:40AM -0600): the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. Wrong. Apache sends an HTTP Redirect, and it's still the client's job to execute the

Re: nimda probes

2001-09-20 Thread Martin F Krafft
also sprach John Hasler (on Thu, 20 Sep 2001 09:50:17AM -0500): And then Microsoft will accuse you of a DOS attack. no, they'd be proud of all the traffic. martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] -- it appears that

Re: nimda probes

2001-09-20 Thread Sam Varghese
On Thu, Sep 20, 2001 at 10:30:02AM -0400, Alan Shutko wrote: Adam McDaniel [EMAIL PROTECTED] writes: the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. Not correct, it gets a Redirect as the response,

RE: nimda probes

2001-09-20 Thread Brooks R. Robinson
the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. Not correct, it gets a Redirect as the response, and it's its responsibility to follow it, unless it's using a toolkit that does so automatically. Code

Re: nimda probes

2001-09-20 Thread Sam Varghese
On Thu, Sep 20, 2001 at 09:20:23AM -0700, Greg Wiley wrote: On Wednesday, September 19, 2001 11:55 PM, [EMAIL PROTECTED] Nicholas Petreley had this suggestion for redirecting nimda probes using Apache: RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com Heh. I wonder

Re: nimda probes

2001-09-20 Thread Craig Dickson
Sam Varghese wrote: Code Red, for instance, wouldn't follow redirects. Try calling default.ida from my server -- http://www.gnubies.com/default.ida What for? If I do so with a browser, I'll presumably get redirected. But the virus wouldn't, because IT ISN'T A BROWSER AND DOESN'T SUPPORT

Re: nimda probes

2001-09-20 Thread DvB
Brooks R. Robinson [EMAIL PROTECTED] writes: the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. Not correct, it gets a Redirect as the response, and it's its responsibility to follow it, unless it's

Re: nimda probes

2001-09-20 Thread Robert Waldner
On Thu, 20 Sep 2001 16:12:17 CDT, Brooks R. Robinson writes: the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. Not correct, it gets a Redirect as the response, and it's its responsibility to follow it,

Re: nimda probes

2001-09-20 Thread dman
On Fri, Sep 21, 2001 at 07:24:45AM +1000, Sam Varghese wrote: | On Thu, Sep 20, 2001 at 09:20:23AM -0700, Greg Wiley wrote: | On Wednesday, September 19, 2001 11:55 PM, [EMAIL PROTECTED] | | Nicholas Petreley had this suggestion for redirecting | nimda probes using Apache

Re: nimda probes

2001-09-20 Thread Craig Dickson
Sam Varghese wrote: Looking at my logs, it seems to work: GET /cmd.dll HTTP/1.0 302 GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 302 Same Apache redirect response as for /default.ida and that, I know, works. Depends what you mean by works. Apache is sending the redirect message that

Re: nimda probes

2001-09-20 Thread Christopher S. Swingley
Looking at my logs, it seems to work: GET /cmd.dll HTTP/1.0 302 GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 302 Yeah, but just because your Apache sends a 302 code back to the Nimda box doesn't mean it will use this information and hit www.microsoft.com. If you redirected it to another
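The RedirectMatch rule quoted at the top of this thread, and the 302 log lines Sam posted that Craig and Christopher are discussing here, worked through as an added example. This is not code from the thread or from any of its posters. It runs the thread's exact pattern `^.*\.(exe|dll).*` as a Python regex over request targets, then parses constructed Apache common-log-format lines (documentation-range IPs, made-up timestamps and sizes) and counts probes per source host and how many got a 302. The three probe labels are an assumption for illustration; they cover only the paths mentioned in the thread (cmd.exe, a .dll, default.ida), not everything Nimda or Code Red actually requested.

```python
"""Added example (not from the thread): classify Nimda / Code Red probes in an
Apache common-log-format access log and reproduce the thread's RedirectMatch
pattern as a Python regex.  All sample data below is constructed."""
import re
from collections import Counter, defaultdict

# The directive quoted in the thread:
#   RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com
# Its regular expression, unchanged, as Python sees it (case-sensitive, like Apache's default).
REDIRECT_RULE = re.compile(r"^.*\.(exe|dll).*")

# Probe shapes discussed in the thread.  Assumption: these three fragments are
# enough to label the requests the thread talks about; real worms used more.
PROBE_SIGNATURES = (
    ("nimda cmd.exe", re.compile(r"/cmd\.exe", re.IGNORECASE)),
    ("nimda .dll",    re.compile(r"\.dll", re.IGNORECASE)),
    ("code red .ida", re.compile(r"/default\.ida", re.IGNORECASE)),
)

# Apache common log format: host ident user [time] "method target proto" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_clf(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = CLF_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def redirect_rule_matches(target):
    """True if the RedirectMatch pattern from the thread would fire on this target."""
    return REDIRECT_RULE.match(target) is not None


def classify_probe(target):
    """Label a request target with the first matching probe signature, or None."""
    for label, pattern in PROBE_SIGNATURES:
        if pattern.search(target):
            return label
    return None


def summarize(lines):
    """Count probes per source host and per label, and how many received a 302.

    A 302 in our own log only proves Apache *sent* the redirect (the point made
    in the thread).  Whether the client followed it cannot be seen from here;
    only the redirect target's logs would show that.
    """
    per_host = defaultdict(Counter)
    labels = Counter()
    redirected = 0
    unparsed = 0
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            unparsed += 1
            continue
        label = classify_probe(rec["target"])
        if label is None:
            continue
        per_host[rec["host"]][label] += 1
        labels[label] += 1
        if rec["status"] == 302:
            redirected += 1
    return {
        "per_host": {h: dict(c) for h, c in per_host.items()},
        "labels": dict(labels),
        "redirects_sent": redirected,
        "unparsed": unparsed,
    }


# Constructed sample log, shaped like the lines quoted in the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Sep/2001:23:41:02 +1000] "GET /cmd.dll HTTP/1.0" 302 225',
    '192.0.2.10 - - [20/Sep/2001:23:41:03 +1000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 250',
    '192.0.2.10 - - [20/Sep/2001:23:41:04 +1000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 287',
    '198.51.100.7 - - [20/Sep/2001:23:42:10 +1000] "GET /index.html HTTP/1.0" 200 1043',
    'garbage line that is not CLF',
]

if __name__ == "__main__":
    for target in ("/cmd.dll", "/c/winnt/system32/cmd.exe?/c+dir", "/default.ida"):
        print(f"{target:40s} RedirectMatch fires: {redirect_rule_matches(target)}")
    print(summarize(SAMPLE_LOG))
```

Two things fall out of running it. The one-line rule as quoted matches /cmd.dll and the cmd.exe?/c+dir probe but not /default.ida, since that path contains neither ".exe" nor ".dll"; Sam's server redirecting default.ida must come from a separate rule. And `redirects_sent` is computed purely from the status column of the server's own log, which is exactly why it cannot tell you whether the worm ever connected to the redirect target.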

Re: nimda probes

2001-09-20 Thread Greg Wiley
On: Thursday, September 20, 2001 2:09 PM, [EMAIL PROTECTED] the worm wouldn't even know the difference, to it, it looks like it would hit Microsoft's site from your URL if it tries those extensions. Not correct, it gets a Redirect as the response, and it's its responsibility to follow it,

Re: nimda probes

2001-09-20 Thread Frank Preut
On Thu, Sep 20, 2001 at 10:17:30AM -0600, Adam McDaniel wrote: And then Microsoft will accuse you of a DOS attack. Couldn't you just claim that your machine was infected? Either way, it's Microsoft's fault anyway :) Well, they released the patch almost a year ago.. it's their fault

Re: nimda probes

2001-09-20 Thread Martin F Krafft
also sprach Brooks R. Robinson (on Thu, 20 Sep 2001 04:12:17PM -0500): What about port forwarding? It'd still up the CPU usage on a machine, but would it have the same results? I so much want to do this. Sure, that would work, if you can afford the bandwidth. I got 2.7Gb in four hours in mere

Re: nimda probes

2001-09-20 Thread dman
On Thu, Sep 20, 2001 at 09:50:17AM -0500, John Hasler wrote: | Adam McDaniel writes: | the worm wouldn't even know the difference, to it, it looks like it would | hit Microsoft's site from your URL if it tries those extensions. | | And then Microsoft will accuse you of a DOS attack. How so?