Thu Jun 23 00:45:34 GMT 2005

write a PHP script to automatically turn around and do an http request to
the attacker that causes the machine to do anything, including pipe the
latest web server logs to the infected machine's local printer (if there is
one) or do a "net send * You are infected with CodeRed II" or maybe even
trigger ipconfig to disable the network adapters on the infected server.

Okay, okay, one could argue that I have then hacked his computer, but think
of this: if I have a bouncer guarding the door of my club and he gives a
harasser a bloody nose in a scuffle over who gets in, has he broken the law?
I personally feel that disabling an attacker's network card so he stops
causing a DOS attack by ARP flood on my network is justified force.  It
would also STOP hackers from rooting his box, giving the attacker more
protection while he fixes the problem.

Would it be possible to send back a response to a CodeRed call that would
buffer overflow CodeRed, and crash it?  Since they made the connection to
you, and if you send back a response that meets http standards, you
shouldn't be in the wrong.  Especially if you gauge the buffer overflow to only
crash the worm, and not the server.

