----- Original Message -----
Sent: Tuesday, September 25, 2001 12:16 PM
Subject: RE: [IMail Forum] Boomerang/Judo code (was: Virus Attacks)

That's our code, if anyone has any questions about it. I posted it to a couple of
lists yesterday, after Len posted an Apache version and gave me the idea.
Looks like it's made the rounds and had its owner's name stripped from it and
its name changed from 404Judo.asp, but otherwise it's good. Boomerang
indeed.

Note that since you're turning the request back onto an infected server, the http GET
should have access to its own cmd.exe file. You know, just in case you want to
assist in their anti-viral efforts by re-formatting their C drive for them. ;)
Please don't ask me how to do that.

Tim,

A friend sent me this file and said that it is an ASP script that you can load
on your IIS server and when a server tries to code red you it will send
packets back to the server that is trying to attack you and after about 10
packets it shuts down their IIS services. I have not looked at it yet but
it came from a close friend.

> --- Original Message ---
> From: "Tim" <[EMAIL PROTECTED]>
> To: "Imail" <[EMAIL PROTECTED]>
> Date: Mon, 24 Sep 2001 20:52:55 -0500
> Subject: [IMail Forum] Virus Attacks
>
> Does anyone know of a utility that will automatically block those IIS
> servers that constantly try to attack an Imail server to stop these constant
> attempts to attack port 80? Has anyone written a script that will add them
> to the kill file? I think this would be a great
> script/software/enhancement!!!!
>
> 20010924 204806 Socket Error - 63.237.172.134 Error while writing sockect due to error 10054 or malicious connection type.
> 20010924 204806 Socket Error - 63.237.172.134 Error while writing sockect due to error 10054 or malicious connection type.
> 20010924 204806 Socket Error - 63.237.172.134 Error while writing sockect due to error 10054 or malicious connection type.
> 20010924 204807 Info - 63.237.172.134 GET /MSADC/root.exe?/c+dir HTTP/1.0.
>
> Anyone
>
> Tim