Complete.Org: Mailing Lists: Archives: discussion: August 2001:
[aclug-L] Re: Denied connections

To: discussion@xxxxxxxxx
Subject: [aclug-L] Re: Denied connections
From: gLaNDix (Jesse Kaufman) <glandix@xxxxxxxxxxxxxx>
Date: Tue, 28 Aug 2001 15:26:23 -0500
Reply-to: discussion@xxxxxxxxx

On Tue 28 Aug 2001 01:23 pm, you wrote:

> There are three major problems with the concept of an anti-worm:

but dang it, i can dream, can't i?  : ^ )

> The approach I take is that I have default.ida set up with Apache to be
> executed as a CGI script.  It uses the REMOTE_ADDR environment variable as
> the address of a machine to hack into (using the very easy-to-use backdoor
> installed by Code Red 2).  Once there, it executes the command "start /max
> http://24.163.128.147/CodeRed.html", which launches the user's default
> browser in a maximized window and points it at my Code Red 2 warning page,
> which has helpful links to Microsoft's own security pages.

kewl...  i've actually read about a few similar perl scripts...  such as the 
Apache::CodeRed perl module which sounds pretty kewl...  essentially it 
reports the infected machine to the appropriate people (at least as close as 
it can figure)...

gLaNDix
-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi

