[Gllug] Code Red Strikeback
David Irvine
co2cool at yahoo.com
Sun Aug 12 21:54:46 UTC 2001
Vincent AE Scott wrote:
> On Sat, 11 Aug 2001, David Irvine wrote:
>
>
>>Stig Brautaset wrote:
>>
>>>* Martin Ling <martin at pkl.net> spake thus:
>>>
>>>
>>>>If you haven't seen it on NTK already;
>>>>
>>>>http://www.dasbistro.com/default.ida
>>>>
>>>>Download the script and put it on your Apache servers.
>>>>
>>>>
>>>There was a big argument on the debian-user-list about this; many people
>>>argued that even just popping a message to the user saying that his/her
>>>machine was infected would be illegal -- but then again, I guess the
>>>majority of the people on that list is from the US...
>>>
>>>Regards, Stig
>>>
>>>
>>>
>>The other way you could do this is to write a program that runs on port
>>80 of your machine, when a connection is established, you don't
>>disconnect the client, that way the iis machine connected to your
>>machine, this script then issues the command to shut down the machine
>>via an outgoing connection, however the client is still connected to
>>your machine via the original connection. You shut down the iis machine
>>and it disconnects from yours.
>>
>
> exactly how is this going to work?
> the far end connects to you from <some random port> to your machine on
> <80>. you can't just talk back along his connection and end up connected
> to the web server's port.
>
> -vince
>
> p.s. hal could be taking its toll on me, and in the cold light of day i'll
> realise what a ghastly mistake i've made.
>
>
What I meant was, once the code red pc has connected to your computer,
rather than sending 404 not found and dropping the connection instead,
keep the connection alive for a while by sending a byte every now and
again, or a very large file, then initiate a connection to the pc from
another port whilst it is still connected to your computer and send the
command.
something along the lines of

Begin bad pseudo code:

fork
if forked process
    connect to client
    send command
    disconnect
    exit
else
    send some text
    wait
    send some more
    wait
    send
    and so on
end if
exit

end bad pseudo code
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
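
The hold-open half of the idea discussed above, on its own (a tarpit), as an added example that is not part of the original post: it only slows the inbound connection and never connects back to the client. The names `is_probe`, `tarpit` and `handle`, the intervals, and the assumption that the probe is a GET for `/default.ida` are illustrative.

```python
import socket
import time

# Assumption: the worm's probe is a GET for /default.ida (the path in the thread's URL).
PROBE_PATH = b"/default.ida"

def is_probe(request: bytes) -> bool:
    """True if the first request line is a GET for the probe path."""
    parts = request.split(b"\r\n", 1)[0].split(b" ")
    return (len(parts) >= 2 and parts[0] == b"GET"
            and parts[1].split(b"?", 1)[0].lower() == PROBE_PATH)

def tarpit(conn, interval=10.0, max_bytes=360, sleep=time.sleep):
    """Send one byte per interval until the peer leaves or max_bytes; return count."""
    sent = 0
    try:
        conn.sendall(b"HTTP/1.0 200 OK\r\n")  # open the header block, never close it
        while sent < max_bytes:                # hard cap so a held socket is freed
            sleep(interval)
            conn.sendall(b"X")
            sent += 1
    except OSError:                            # peer reset or closed: stop holding
        pass
    finally:
        conn.close()
    return sent

def handle(conn, **tarpit_args):
    """Tarpit probes, answer everything else with a plain 404. Inbound only."""
    conn.settimeout(5)
    try:
        request = conn.recv(4096)
    except OSError:
        request = b""
    if is_probe(request):
        return tarpit(conn, **tarpit_args)
    try:
        conn.sendall(b"HTTP/1.0 404 Not Found\r\n\r\n")
    except OSError:
        pass
    conn.close()
    return 0

if __name__ == "__main__":
    # Constructed demo over a local socket pair; no network traffic is generated.
    client, server = socket.socketpair()
    client.sendall(b"GET /default.ida?NNNN HTTP/1.0\r\n\r\n")
    print(handle(server, interval=0.1, max_bytes=3))
    print(client.recv(4096))
```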