Re: "suspicious" apache log entries
Phillip Hofmeister is right. This tool exists.
We used this at our company's network (a bigger one, some 100'000 users ;-).
All those FrontPage or I don't know what the hell they're using users with
IIS and Nimda on it, were difficult to track down. Of course we tried to
warn them before implementing this tool, but some were on holidays, others
did not have the time to fix it, others had dynamic IP addresses and so
So a little program called "Silver bullet" got developed. I think it ran
even on Linux. When a backdoored server tried to contact the silver bullet
server, it got "shot down" by this script using Nimda's backdoor. A window
popped up on the attacking machine and its IP stack went down... It was
really amazing how fast all those servers and workstations got patched and
finally there was peace again on the networks...
Well, but you're right: This is a beautiful tool on a company's network. But
if used on the internet, there could be legal issues. Why not introduce an
official "Internet Security Team" that officially has the right to do such
things. It would be for the good of the net! They could be a part of the
ICANN or UNO or whoever.
PGP / GPG Key: http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc
> -----Original Message-----
> From: Vineet Kumar [mailto:email@example.com]
> Sent: Tuesday, 10 September 2002 12:58
> To: firstname.lastname@example.org
> Subject: Re: "suspicious" apache log entries
> * Michael Renzmann (email@example.com) [020910 02:55]:
> > Phillip Hofmeister stated that one could use the Nimda backdoor on the
> > server that connects our server to setup a warning message on the
> > attacking computer's desktop. I think this is a great idea, but I have
> > not been able to track down what would be necessary to write code for
> > doing so. Anyone on this list interested in teaming up on writing such
> > a script?
> If you do, be prepared to go to jail...
> good times,
> "Computer Science is no more about computers
> than astronomy is about telescopes." -- E.W. Dijkstra