Re: red worm amusement - redirect
hi ya Alson..
if ya wrote a script... was thinking..wouldnt it be funny
to redirect that incoming attack with the cgi script to
redirect it back to the incoming machine ???
c ya
alvin
On Sat, 21 Jul 2001, Alson van der Meulen wrote:
> On Sat, Jul 21, 2001 at 02:10:42AM +0200, Wichert Akkerman wrote:
> >
> > For amusement I checked the web logs for a few debian machines to see
> > if they had some red worm attempts. Seems we've been probed a fair
> > bit: 16 times on www.spi-inc.org, 22 on non-us.debian.org and 18
> > on www.debian.org. Almost all attempts were made on July 19. Aren't
> > we glad we all run Linux? :)
>
> I first saw it while tailing my access.log at home, grepping
> access.log's of other servers showed indeed around 20 hits per server.
>
> Made some funny cgi script called /default.ida for fun :), apache
> didn't appear to like the HTTP request though, but thttpd passed it
> nicely to the cgi script. I even set up a temporary thttpd on a box
> just for fun of logging, wondered what would happen if I would adjust
> the router config at school to forward port 80 to an win2k server
> running IIS (prolly wouldn't have worked with Dutch localized IIS :( )
>
> Linux people having fun with win2k-exploits ;)
Reply to: