[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] PHP script to notify contacts related to IP initiating Code Red attack
- Subject: [cobalt-security] PHP script to notify contacts related to IP initiating Code Red attack
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Mon, 13 Aug 2001 17:12:48 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Recently there was a thread where some list members were discussing
automation of a script to email contacts related to the IP that's been
infected by Code Red and is "visiting" your machine. In general I don't
think it's a good idea to automate this since it can generate a lot of
unnecessary traffic and clog email boxes, but for the sake of learning how
to write such a script I'm including a link to one I came across while
reading another list.
http://www.klippan.seths.se/default.phps
The script logs the offenders and emails contacts pulled from a whois
lookup. At first glance I don't think it checks the log to see if the IP is
a repeat visitor, but if it doesn't do that I strongly encourage anyone
thinking about using it to modify to do so first. Perhaps that's a
non-issue for Code Red, but it could be an issue for other worms. I have
not tested the script and do not plan on doing so. By passing this on I do
not condone its use, but I do think logging is a good idea
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/