RE: [cobalt-security] OT: Mail to Windows Admins (WAS: Hacking my Raq4i???)

[Ted Behling <TBehling@xxxxxxxxxxxxx>]

Have fun.  If I were writing the script, I'd first do a reverse DNS lookup
to get the domain name, then strip the full hostname (i.e.,
server.example.com) down to the 2nd-level domain name (example.com), then
do a whois lookup (whois -h whois.networksolutions.com example.com), and
finally send e-mail to the administrative and technical contacts for the
domain.  It'd be a chore to write, but you'd get most of the hosts that
way.  You can extend the above to cope with international domains
(host.example.com.br), if you want.  Maybe you can package it as a generic
"emailtheadmin" script.  I suggest you write it in Perl. :)

At 11:10 AM 8/7/01 +1200, Gerald Young wrote:
>I dont believe many windoze users will be even aware they aere infected for a
>week or two and by then it is somewhere else.
>anyway im going to write a script to email the servers that hit us and advise
>them.
>Does anyone know what email is likely to exist and/or be read i have no
idea of
>how a windows server operates. ie should i send an email to
>admin@ipaddress 0r root@ipaddress
>best wishes Wampy


--------------------------------------------------------------------------
Ted Behling, Web Application Developer - Monarch Information Systems, Inc.

43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:TBehling@xxxxxxxxxxxxx
Phone/Fax: 1-800-842-7894    Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
Web site: http://www.MonarchIS.net
--------------------------------------------------------------------------