[CLUE-Tech] Re: [rmiug-discuss] virus?? - linux folks take note
Jed S. Baer
thag at frii.com
Wed Sep 19 08:58:54 MDT 2001
Charlie Oriez wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> It was suggested on another list that I'm on that while the latest
> virus attack today is only directly infecting MS IIS servers, we're
> being impacted on our linux servers to some lesser extent because the
> attacks are tying up bandwidth.
>
> Will this in fact work? Any downside? Does the person have the code
> right?

Well, right off, I'd think a specific URL, rather than just
microsoft.com would be more believable. And if everyone running Apache
does this, it might result in a nice big DDOS on microsoft.

The FRII (Front Range Internet) tech list has had a lot of discussion,
including the following from Nathan Torkington (Author of the Perl
Cookbook, IIRC) for those using mod_perl:
http://www.torkington.com/vermicide.txt

The CERT advisory:
http://www.cert.org/body/advisories/CA200126_FA200126.html

This looks sorta interesting:

> Also, for non-webserver linux machines, consider the LaBrea tool,
> which mires bad traffic in TCP handshakes and slows down the
> progression of the worms.
> http://www.hackbusters.net/
> http://www.incidents.org/archives/intrusions/msg01723.html

IIRC, during CodeRed, there were sites where admins could forward their
grep'd log entries. That strikes me as tying up less bandwidth than
redirecting to microsoft.

Cheers,
jed

> The easiest and most convenient way to reduce the attacks on our
> servers is to alert Microsoft directly whenever one of their
> customers tells us that they have been infected by attacking our
> servers. The following lines in your .htaccess file will directly
> notify Microsoft of the attack, and permit Microsoft to contact their
> customer to instruct them on the security update du jour:
>
> redirect /scripts http://www.microsoft.com
> redirect /c http://www.microsoft.com
> redirect /d http://www.microsoft.com
> redirect /MSACD http://www.microsoft.com
> redirect /msacd http://www.microsoft.com
--
"Some people spend an entire lifetime wondering if they've made a
difference. Free Software developers don't have that problem."
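
The log-based alternative mentioned in the reply (collecting grep'd log entries instead of redirecting), shown as an added example that is not part of the original message. It counts worm probes per client in an Apache access log using the path prefixes from the quoted Redirect lines; the log lines, addresses and function names are constructed for illustration, and Common Log Format is assumed.

```python
import re
from collections import Counter

# Path prefixes copied from the Redirect lines quoted in the message.
PROBE_PREFIXES = ("/scripts", "/c", "/d", "/MSACD", "/msacd")

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def is_probe(path, prefixes=PROBE_PREFIXES):
    """True if the URL path starts with a prefix at a path-segment boundary,
    so /c matches /c/winnt/... but not /cgi-bin/... (this example's rule)."""
    path = path.split("?", 1)[0]  # ignore the query string
    return any(path == p or path.startswith(p + "/") for p in prefixes)

def summarize(lines, prefixes=PROBE_PREFIXES):
    """Return (Counter of probe requests per client, count of unparseable lines)."""
    hits, skipped = Counter(), 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            skipped += 1  # count malformed lines rather than dropping them silently
            continue
        host, _method, path, _status = m.groups()
        if is_probe(path, prefixes):
            hits[host] += 1
    return hits, skipped

# Constructed sample log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2001:09:14:02 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [18/Sep/2001:09:14:03 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '192.0.2.10 - - [18/Sep/2001:09:14:04 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '198.51.100.7 - - [18/Sep/2001:09:15:40 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '203.0.113.5 - - [18/Sep/2001:09:16:11 -0600] "GET /cgi-bin/search.pl?q=d HTTP/1.0" 200 1840',
    '203.0.113.5 - - [18/Sep/2001:09:16:12 -0600] "GET /index.html HTTP/1.0" 200 5120',
    'truncated or malformed line',
]

if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE_LOG)
    for host, count in hits.most_common():
        print(f"{host}\t{count} probe request(s)")
    print(f"{skipped} line(s) could not be parsed")
```

The per-client counts are a compact summary to pass to an upstream provider or a reporting site, and producing them generates no extra traffic toward a third party.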