[Dshield] RE: IIS Logs, Strikeback Script

Susan pobox2 at pinn.net
Fri Mar 29 23:34:27 GMT 2002


Keep us updated! Do you have an url for the Strikeback script?


Message: 13
From: "Forum Admin" <admin at forum.hottubnap.com>
To: <list at dshield.org>
Subject: RE: [Dshield] IIS Logs
Date: Thu, 28 Mar 2002 22:56:44 -0800
Reply-To: list at dshield.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

	Well, I've been running a perl "StrikeBack" script on my Apache
server for a little over a month. Although I've yet to see it shut
down an infected machine, it DOES trigger a firewall rule rather
nicely whenever Perl.exe accesses the internet in response to a code
red or nimda probe. I'm working on a way to have it post a console
message to the infected computer, which would remain on the victim's
screen until they hit OK. Been sending them manually so far, and in
only one case has it failed to get the user's attention. Haven't had
but one repeat scan.

--------------------------------




More information about the list mailing list