Snort mailing list archives
RE: Code Red attacks
From: "Jason Withrow" <jwithrow () mediaone net>
Date: Mon, 17 Sep 2001 18:49:41 -0400
Yeah, I have all the patches, plus ida's and idq's unmapped, so all it does is cause unnecessary bandwidth on my little netork. I can't block them at the router cause I don't have one. I am using NAT, and IPSEC is too unflexable to do anything good. Anyone know of a free win32 port filtering app? -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Gordon Ewasiuk Sent: Monday, September 17, 2001 6:22 PM To: Jason Withrow Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] Code Red attacks On Today, Jason Withrow wrote:
What is the legal issue, it is a purely defensive mechanism.
On Today, Jason Withrow wrote:Since CR installs a CMD Shell that is freely accessable, Write a script that write a text file to that users computer.
<disclaimer> I am not a lawyer and despise Code Red as much as anyone. </disclaimer> You suggested writing a text file to an infected system. Such an act could be construed as tampering with that system, illegally uploading data, using their resources without their permission, etc. Some companies might even call that a break-in attempt. Not sure how I would handle it. I'm a firm beliver in proactive monitoring and patching. -Gordon -------------------------------------------------- Gordon Ewasiuk, Certifed Sun Fanatic, Winstar VHC The REAL office number is here-----> 703.893.4901 Tired of BSODs, My Computer, and Code Red? http://www.sun.com/solaris/binaries/ ------------------------------------------------- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Code Red attacks, (continued)
- RE: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Erek Adams (Sep 17)
- RE: Code Red attacks Randy Bradley (Sep 18)
- RE: Code Red attacks F.M. Taylor (Sep 18)
- Re: Code Red attacks Alec Waters (Sep 18)
- RE: Code Red attacks Erek Adams (Sep 18)
- RE: Code Red attacks Adrian Mink (Sep 18)
- RE: Code Red attacks Erek Adams (Sep 18)
- RE: Code Red attacks Gordon Ewasiuk (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Jason Withrow (Sep 17)
- RE: Code Red attacks Franki (Sep 18)
- Re: Code Red attacks Tim Olson (Sep 18)