[Dshield] fighting back against CodeRed

Mark Martin wolf at bescape.com
Wed Aug 8 03:29:17 GMT 2001


BTW, dropping the packets won't impact the attempt.

Mark

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On
Behalf Of Quibell, Marc
Sent: Monday, August 06, 2001 2:32 PM
To: 'dshield at dshield.org'
Subject: RE: [Dshield] fighting back against CodeRed


Good idea. I was just thinking on how we can turn this code-red worm back
and neutralize the infected machine. But first we must have a way of
automatically identifying a code-red attack and then injection of the "Code
Red patch code". Or we'll have to do it manually. If any programmer would be
kind enough to develop an .exe that would expose the 'backdoor', get in and
have the server run the patch via a script file, I'm all for it... In the
meantime I'll be concentrating on how to get the routers to drop packets and
maybe the code-red, not getting a return reply, will drop its' attempts...




More information about the list mailing list