Re: [cobalt-security] Hacking my Raq4i???

[Jeremy Hull <jeremy@xxxxxxxxxxxx>]

Gerald Young wrote:
> 
> Hi all
> 
> > Consider the large number of people who buy Microsoft because they think
> > it's the best, or the number of folks who install computer systems who
> > know little about them(kinda less than Appliance Operators), or the number
> > of folks who think they can have their web pages on their own server with
> > little effort and/or knowledge) and you come up with a significant number
> > of systems that are running on autopilot...in a very large circle.
> 
> Agreed I don't think it will go away is it up to the unix community to devise a
> fight back that can go back to the originating server access it and kill code
> red.
> I dont believe many windoze users will be even aware they aere infected for a
> week or two and by then it is somewhere else.
> anyway im going to write a script to email the servers that hit us and advise
> them.
> Does anyone know what email is likely to exist and/or be read i have no idea of
> how a windows server operates. ie should i send an email to
> admin@ipaddress 0r root@ipaddress
> best wishes Wampy


Your best bet would be to have your script do a whois on the network that the worm
is coming from and email the administrator. Most Windows web servers are not
running a mailer daemon.



> 
> >
> > Of course, that says nothing of the idiotic zone transfer requests or
> > duplicate domain names from dim-bulbs  using Win2000.
> >
> > Thom
> >
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security