
Re: red worm amusement - redirect



On Fri, Jul 20, 2001 at 06:24:54PM -0700, Alvin Oga wrote:
> 
> 
> hi ya Alson..
> 
> if ya wrote a script... was thinking..wouldn't it be funny
> to redirect that incoming attack with the cgi script to 
> redirect it back to the incoming machine ???
I don't think the worm implements the full HTTP protocol, I'm afraid
it won't do HTTP redirects, it might be possible with port forwarding
like stuff, but I don't really want to spend much time on it anymore,
since the worm won't attack after 19 July.

It might be an idea for the next time though, would be funny, IIRC it
was possible to get infected multiple times :)

> On Sat, 21 Jul 2001, Alson van der Meulen wrote:
> 
> > On Sat, Jul 21, 2001 at 02:10:42AM +0200, Wichert Akkerman wrote:
> > > 
> > > For amusement I checked the web logs for a few debian machines to see
> > > if they had some red worm attempts. Seems we've been probed a fair
> > > bit: 16 times on www.spi-inc.org, 22 on non-us.debian.org and 18
> > > on www.debian.org. Almost all attempts were made on July 19. Aren't
> > > we glad we all run Linux? :)
> > 
> > I first saw it while tailing my access.log at home, grepping
> > access.log's of other servers showed indeed around 20 hits per server.
> > 
> > Made some funny cgi script called /default.ida for fun :), apache
> > didn't appear to like the HTTP request though, but thttpd passed it
> > nicely to the cgi script. I even set up a temporary thttpd on a box
> > just for fun of logging, wondered what would happen if I would adjust
> > the router config at school to forward port 80 to a win2k server
> > running IIS (prolly wouldn't have worked with Dutch localized IIS :( )
> > 
> > Linux people having fun with win2k-exploits ;)

Cheers,
Alson
-- 
,-------------------------------------------.
> Name:           Alson van der Meulen      <
> Personal:        alson@flutnet.org        <
> School:       alson@gymnasiumleiden.nl    <
`-------------------------------------------'
Where's the DIR command?
---------------------------------------------


