[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] PHP script to notify contacts related to IP initiating Code Red attack

Subject: [cobalt-security] PHP script to notify contacts related to IP initiating Code Red attack
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
Date: Mon, 13 Aug 2001 17:12:48 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Recently there was a thread where some list members were discussing
automation of a script to email contacts related to the IP that's been
infected by Code Red and is "visiting" your machine.  In general I don't
think it's a good idea to automate this since it can generate a lot of
unnecessary traffic and clog email boxes, but for the sake of learning how
to write such a script I'm including a link to one I came across while
reading another list.

http://www.klippan.seths.se/default.phps

The script logs the offenders and emails contacts pulled from a whois
lookup.  At first glance I don't think it checks the log to see if the IP is
a repeat visitor, but if it doesn't do that I strongly encourage anyone
thinking about using it to modify to do so first.  Perhaps that's a
non-issue for Code Red, but it could be an issue for other worms.  I have
not tested the script and do not plan on doing so.  By passing this on I do
not condone its use, but I do think logging is a good idea

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/

Follow-Ups:
- Re: [cobalt-security] PHP script to notify contacts related to IP initiating Code Red attack
  - From: baltimoremd

Prev by Date: Re: [cobalt-security] new kernel needed for firewall (?)
Next by Date: Re: [cobalt-security] Redhat upgrade???
Previous by thread: Re: [cobalt-security] new kernel needed for firewall (?)
Next by thread: Re: [cobalt-security] PHP script to notify contacts related to IP initiating Code Red attack

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index