[NTLUG:Discuss] Red Worm flood on port 80
Michael Patrick
michael at techiesplace.com
Sat Aug 4 23:13:44 CDT 2001
Hmmmm... maybe link default.ida to a script which targets them. You could use the Index Server exploit (which they are obviously victims of) and code your payload to shut down their IIS.
Michael
On Sat, Aug 04, 2001 at 11:00:19PM -0500, Richard Geoffrion wrote:
> Is there anything that I could do to create havok with the systems scanning
> me? What about creating a default.ida file and filling it with some data?
> (I know...that just fills up more bandwidth...)
>
> But there has to be some organization doing counter-'terrorist' hacking.
>
> just wondering.
> -Richard
>
> ----- Original Message -----
> From: "Michael Patrick" <michael at techiesplace.com>
> To: <discuss at ntlug.org>
> Sent: Saturday, August 04, 2001 10:49 PM
> Subject: Re: [NTLUG:Discuss] Red Worm flood on port 80
>
>
> > It isn't just you...
> >
> > I've 300 today so far, plus whatever is hitting my non-webserver IPs
> >
> > Michael
> > (yep, @Home user)
> >
> > [michael at www michael]$ grep "default.ida"
> /usr/local/apache/logs/access_log | grep "04/Aug/2001" | wc -l
> > 300
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> >
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
>
More information about the Discuss
mailing list