hi ya Alson..
if ya wrote a script... was thinking..wouldnt it be funny to redirect that incoming attack with the cgi script to redirect it back to the incoming machine ??? c ya alvin On Sat, 21 Jul 2001, Alson van der Meulen wrote: > On Sat, Jul 21, 2001 at 02:10:42AM +0200, Wichert Akkerman wrote: > > > > For amusement I checked the web logs for a few debian machines to see > > if they had some red worm attempts. Seems we've been probed a fair > > bit: 16 times on www.spi-inc.org, 22 on non-us.debian.org and 18 > > on www.debian.org. Almost all attempts were made on July 19. Aren't > > we glad we all run Linux? :) > > I first saw it while tailing my access.log at home, grepping > access.log's of other servers showed indeed around 20 hits per server. > > Made some funny cgi script called /default.ida for fun :), apache > didn't appear to like the HTTP request though, but thttpd passed it > nicely to the cgi script. I even set up a temporary thttpd on a box > just for fun of logging, wondered what would happen if I would adjust > the router config at school to forward port 80 to an win2k server > running IIS (prolly wouldn't have worked with Dutch localized IIS :( ) > > Linux people having fun with win2k-exploits ;)
