On Sunday 12 August 2001 05:47 pm, Andrew Smith wrote:
> If you really think that emailing the people who can do something
> about it is a waste of time then try what I said to start with -
> the idiots running the MicroShaft machines obviously don't have a
> clue so emailing them probably wouldn't do much good
> (I rang my ISP and they asked me to email the list of IP's
> attacking me from their subnet!)
Have a look here as well.
http://www.securityfocus.com/archive/1/201907
>From the looks of it, if you provide the date, time, and IP of the
attacking machines, security focus will attempt to contact the relevant
parties. Since most of the attacks I've seen have been from within my
own ISP's address space, I'd prefer they got mad at security focus
rather than me for mailbombing them. ;)
> telnet xxx.xxx.xxx.xxx 80
> GET
> /scripts/root.exe?/c+net+send+localhost+\"Your+computer+is+infected+w
>ith
> +Code+Red+2.+See+www.incidents.org+for+instructions+on+how+to+remove.
>\" HTTP/1.0"return""return"
I actually tried this on 20 machines from my logs. It seems to have
worked on one, and failed on 19 others. I managed to connect to all 20,
but it appears that /scripts/root.exe wasn't available. I got an error
message in response to the attempt.
What would really help, is if the media and Microsoft would stop saying
things like: "The vast majority of home users are not at risk for this
exploit." (From several articles on CNN.com last week) It would be far
more useful if they told the public to open a dos window, and type
netstat -p tcp and look for port 80. Hell, as long as they are looking,
they could remove some of the trojans that are probably installed. ;)
They could then give them instructions for turning off the web servers
they don't even know they are running.
Seems to me that telling the clueless they have nothing to fear isn't
going to make this go away.
Just my $ 0.02
-D
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
