Hi Phillip Hofmeister is right. This tool exists.
We used this at our companies network (a bigger one, some 100'000 users ;-). All those Frontpage or I don't know what the hell they're using users with iis and nimda on it, were difficult to track down. Of course we tried to warn them before implementing this tool, but some were on holidays, others did not have the time to fix it, others had dynamical IP addresses and so on. So a little program called "Silver bullet" got developed. I think it run even on Linux. When a backdoored server tried to contact the silver bullet server, it got "shot down" by this script using nimda's backdoor. I window popped up on the attacking machine and it's ip stack went down... It was really amazing how fast all those server and workstations got patched and finally there was peace again on the networks... Well, but you're right: This is a beautyful tool on a companies network. But if used on the internet, there could be legal issues. Why not introduce an official "Internet Security Team" that officially has the right to do such things. It would be for the good of the net! They could be a part of the ICANN or UNO or whoever. Marcel -------------------- PGP / GPG Key: http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc > -----Ursprungliche Nachricht----- > Von: Vineet Kumar [mailto:[EMAIL PROTECTED] > Gesendet: Dienstag, 10. September 2002 12:58 > An: [email protected] > Betreff: Re: "suspicious" apache log entries > > > * Michael Renzmann ([EMAIL PROTECTED]) [020910 02:55]: > > Phillip Hofmeister stated that one could use the Nimda backdoor on the > > server that connects our server to setup a warning message on the > > attacking computer's desktop. I think this is a great idea, but I have > > not been able to track down what would be necessary to write code for > > doing so. Anyone on this list interested in teaming up on writing such > > an script? > > If you do, be prepared to go to jail... > > good times, > Vineet > -- > http://www.doorstop.net/ > -- > "Computer Science is no more about computers > than astronomy is about telescopes." -- E.W. Dijkstra >
