|
See the Archives, Ron and several others have posted messages
containing it.
Kevin Childers
NetQuick Customer Support.
(910)
486-7845
(888) 228-0312
----- Original Message -----
Sent: Wednesday, September 26, 2001 12:26
PM
Subject: RE: [IMail Forum] Boomerang/Judo
code (was: Virus Attacks)
I've
seen the discussion about this script, can anyone tell me where I can find a
copy?
John
A. Burns
I totally agree,
hence the little winky-face after that statement. I think we all can relate
to the frustration of watching infected servers continue to drive our
bandwidth through the roof with DoS attacks several days after public news
of the problem and fix.
Ron Hornbaker
President/CTO
. . . . . . . . .
. . . http://humankindsystems.com
. . . . . . . . .
. . . w e c o d e. w e c a r
e.
Maybe a better idea would be to stop a
service or two (say, IIS?). I can appreciate the sentiment, but I
sure wouldn't want to have to tell someone that thier whole C: drive was
wiped.
David Fletcher
----- Original Message -----
Sent: Tuesday, September 25, 2001
12:16 PM
Subject: RE: [IMail Forum]
Boomerang/Judo code (was: Virus Attacks)
That's our code, if anyone has any questions about it. I posted
it to a couple of lists yesterday, after Len posted an Apache version
and gave me the idea. Looks like it's made the rounds and had its
owner's name stripped from it and it's name changed from 404Judo.asp,
but otherwise it's good. Boomerang indeed.
Note that since you're turning the request back onto an infected
server, the http GET should have access to its own cmd.exe file. You
know, just in case you want to assist in their anti-viral efforts by
re-formatting their C drive for them. ;) Please don't ask me how to do
that.
Tim,
A friend sent me this file snd said that it is a asp script that you
can load on your IIS server and when a server tries to code red you it
will send packets back to the server that is trying to attack you and
after about 10 packets it shuts down there IIS services. I have not
looked at it yet but came from a close friend.
> ---
Original Message ---
> From: "Tim" <[EMAIL PROTECTED]>
>
To: "Imail" <[EMAIL PROTECTED]>
>
Date: Mon, 24 Sep 2001 20:52:55 -0500
> Subject: [IMail Forum]
Virus Attacks
>
> Does anyone know of a utility that will
automatically block those IIS
> servers that constantly try to
attack an Imail server to stop these constant
> attempts to
attack port 80? Has anyone written a script that will add them
>
to the kill file? I think this would be a great
>
script/software/enhancement!!!!
>
> 20010924 204806
Socket Error - 63.237.172.134 Error while writing sockect
> due
to error 10054 or malicious connection type.
> 20010924 204806
Socket Error - 63.237.172.134 Error while writing sockect
> due
to error 10054 or malicious connection type.
> 20010924 204806
Socket Error - 63.237.172.134 Error while writing sockect
> due
to error 10054 or malicious connection type.
> 20010924 204807
Info - 63.237.172.134 GET /MSADC/root.exe?/c+dir HTTP/1.0.
>
> Anyone
>
> Tim
D
|
