RE: [IMail Forum] Boomerang/Judo code (was: Virus Attacks)

Tue, 25 Sep 2001 09:30:05 -0700

That's our code, if anyone has any questions about it. I posted it to a couple of lists yesterday, after Len posted an Apache version and gave me the idea. Looks like it's made the rounds and had its owner's name stripped from it and it's name changed from 404Judo.asp, but otherwise it's good. Boomerang indeed.
 
Note that since you're turning the request back onto an infected server, the http GET should have access to its own cmd.exe file. You know, just in case you want to assist in their anti-viral efforts by re-formatting their C drive for them. ;) Please don't ask me how to do that.

Ron Hornbaker
President/CTO
  .  .  .  .  .  .  .  .  .  .  .  .  http://humankindsystems.com
  .  .  .  .  .  .  .  .  .  .  .  .  w e  c o d e.  w e  c a r e.

  .  Come say Hi to us at ISPCON in Las Vegas, October 9-11, booth #3620!
  .  http://www.ispcon.com/fall2001/attend-exhibitordetail.asp?X_ID=1792
  .  http://AnswerTrack.com - eCRM email tracking solution
  .  http://KillerWebMail.com - the name says it all
  .  http://hksi.net/products - EZSignUp, You'veGotIMail!, etc...
  .  http://hksi.net/testimonials - 1,666 admins can't be wrong


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ken Anderson
Sent: Tuesday, September 25, 2001 8:04 AM
To: Imail; Tim
Subject: Re: [IMail Forum] Virus Attacks

Tim, A friend sent me this file snd said that it is a asp script that you can load on your IIS server and when a server tries to code red you it will send packets back to the server that is trying to attack you and after about 10 packets it shuts down there IIS services. I have not looked at it yet but came from a close friend.

> --- Original Message ---
> From: "Tim" <[EMAIL PROTECTED]>
> To: "Imail" <[EMAIL PROTECTED]>
> Date: Mon, 24 Sep 2001 20:52:55 -0500
> Subject: [IMail Forum] Virus Attacks
>
> Does anyone know of a utility that will automatically block those IIS
> servers that constantly try to attack an Imail server to stop these constant
> attempts to attack port 80? Has anyone written a script that will add them
> to the kill file? I think this would be a great
> script/software/enhancement!!!!
>
> 20010924 204806 Socket Error - 63.237.172.134 Error while writing sockect
> due to error 10054 or malicious connection type.
> 20010924 204806 Socket Error - 63.237.172.134 Error while writing sockect
> due to error 10054 or malicious connection type.
> 20010924 204806 Socket Error - 63.237.172.134 Error while writing sockect
> due to error 10054 or malicious connection type.
> 20010924 204807 Info - 63.237.172.134 GET /MSADC/root.exe?/c+dir HTTP/1.0.
>
> Anyone
>
> Tim D

Reply via email to