[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FW: Careful. This is for information only.

On Mon, Aug 06, 2001 at 09:07:41AM -0700, Gilger.John wrote:
| ------------ Forwarded Message -------------------------------------
| According to incidents.org, for any machine that hits your webserver
| with XXXXX, you can telnet back to that machine on port 80 and get
| cmd line access to that machine:
 
Nice!  Some good reads on incidents.org.

| Amazing!  Someone on /. proposed writing a script that whenever
| anyone hits your web server with XXXX, you automatically connect
| back and halt the attacking machine, thus stopping the spread.

I would ike to see something like this <grin>.  I was thinking of
putting a CGI script as /default.ida on my apache server and doing
some funny stuff with it -- maybe combine the previous auto-alert
stuff to notify the system it is hosed.  Now if windoze had 'mail' and
an MTA this shell access could allow one to mail the admin (as "root"
of course) right after the probe.  Does anyone know how to kill a
process (ie the worm or IIS) or shutdown a windows system from the
command line?

-D
Reply to: