[Dshield] perl auto-responder script

Johannes B. Ullrich jullrich at euclidian.com
Fri Oct 19 03:39:57 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Quick note... This email triggered a lot of anti virus scanners in mail
servers due to the filename of the script. I took a quick look at the code
and it does not look in anyway malicious.

However: Don't forget your 'safe computing' rules. You should not run a
script you receive on any list without doing some review of it first ;-).


> Someone may have already posted something like this, and I just missed it.
> But, here's a replacement for root.exe that e-mails administrator on the
> machine that is scanning for it.  It's written in perl and meant to run from
> Unix/Apache.  I put it on my Apache servers to run in response to scans
> which attempt to run the real root.exe.  So, if e-mail works - then an e-mail
> is sent asking the Administrator of the scanning machine to please stop.

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7z6CPVOIizK5pIDMRAvE9AKDJp0NQE+tUzGP/HSHO5sJJwpRsDwCcD6Lc
FjeDQCSdjRayXXlyhOx2HJs=
=X02u
-----END PGP SIGNATURE-----




More information about the list mailing list