Re: FW: Careful. This is for information only.
for Windoze NT use net stop "Service Name" and net start to list running
services, something like
net stop "WWW Publishing Service" should stop IIS, might be different name but.
> On Mon, Aug 06, 2001 at 09:07:41AM -0700, Gilger.John wrote:
> | ------------ Forwarded Message -------------------------------------
> | According to incidents.org, for any machine that hits your webserver
> | with XXXXX, you can telnet back to that machine on port 80 and get
> | cmd line access to that machine:
> Nice! Some good reads on incidents.org.
> | Amazing! Someone on /. proposed writing a script that whenever
> | anyone hits your web server with XXXX, you automatically connect
> | back and halt the attacking machine, thus stopping the spread.
> I would ike to see something like this <grin>. I was thinking of
> putting a CGI script as /default.ida on my apache server and doing
> some funny stuff with it -- maybe combine the previous auto-alert
> stuff to notify the system it is hosed. Now if windoze had 'mail' and
> an MTA this shell access could allow one to mail the admin (as "root"
> of course) right after the probe. Does anyone know how to kill a
> process (ie the worm or IIS) or shutdown a windows system from the
> command line?
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com