[Dshield] fighting back against CodeRed

NOC noc at icn.state.ia.us
Wed Aug 8 13:41:18 GMT 2001


Yeah, but I know the code is waiting for a response, maybe I can use
this....

-----Original Message-----
From: Mark Martin [mailto:wolf at bescape.com]
Sent: Tuesday, August 07, 2001 10:29 PM
To: dshield at dshield.org
Subject: RE: [Dshield] fighting back against CodeRed


BTW, dropping the packets won't impact the attempt.

Mark

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On Behalf Of Quibell, Marc
Sent: Monday, August 06, 2001 2:32 PM
To: 'dshield at dshield.org'
Subject: RE: [Dshield] fighting back against CodeRed


Good idea. I was just thinking on how we can turn this code-red worm back
and neutralize the infected machine. But first we must have a way of
automatically identifying a code-red attack and then injection of the "Code
Red patch code". Or we'll have to do it manually. If any programmer would be
kind enough to develop an .exe that would expose the 'backdoor', get in and
have the server run the patch via a script file, I'm all for it... In the
meantime I'll be concentrating on how to get the routers to drop packets and
maybe the code-red, not getting a return reply, will drop its attempts...
