AW: [suse-security] Is it possible to return something, so Nimda would crash?
Hi, you can always ask ARIN (whois whois.arin.net <ip>) or (in Europe) RIPE (whois.ripe.net), it will give you the administrative contact(s) for the netblock the questioned ip is in. I hacked a small shell script which takes an access_log file from my servers, extracts the nimda-type requests, does a lookup of the admin's email and sends him _one_ mail (with URLs pointing to NIMDA informations and how to remove it). Can't tell how successful I was with this attempt, but sent out 350 mails and received no "shut up"... Thomas -----Ursprungliche Nachricht----- Von: Alexey N. Solofnenko [mailto:alexeys@citechlabs.com] Gesendet: Montag, 24. September 2001 22:03 An: suse-security@suse.com Betreff: RE: [suse-security] Is it possible to return something, so Nimda would crash? Is it possible to retrieve administrator's email address from IIS? Or there is always a standard admin address. _____ < http://members.home.com/asolofnenko/ > Alexey N. Solofnenko < http://www.inventigo.com/ Inventigo LLC Pleasant Hill, CA (GMT-8 usually) -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Maybe you can publish the script here? _____ < http://members.home.com/asolofnenko/ > Alexey N. Solofnenko < http://www.inventigo.com/ Inventigo LLC Pleasant Hill, CA (GMT-8 usually) -----Original Message----- From: Thomas Lamy [mailto:Thomas.Lamy@netwake.de] Sent: Monday, September 24, 2001 1:38 PM To: 'Alexey N. Solofnenko'; suse-security@suse.com Subject: AW: [suse-security] Is it possible to return something, so Nimda would crash? Hi, you can always ask ARIN (whois whois.arin.net <ip>) or (in Europe) RIPE (whois.ripe.net), it will give you the administrative contact(s) for the netblock the questioned ip is in. I hacked a small shell script which takes an access_log file from my servers, extracts the nimda-type requests, does a lookup of the admin's email and sends him _one_ mail (with URLs pointing to NIMDA informations and how to remove it). Can't tell how successful I was with this attempt, but sent out 350 mails and received no "shut up"... Thomas -----Ursprungliche Nachricht----- Von: Alexey N. Solofnenko [mailto:alexeys@citechlabs.com] Gesendet: Montag, 24. September 2001 22:03 An: suse-security@suse.com Betreff: RE: [suse-security] Is it possible to return something, so Nimda would crash? Is it possible to retrieve administrator's email address from IIS? Or there is always a standard admin address. _____ < http://members.home.com/asolofnenko/ > Alexey N. Solofnenko < http://www.inventigo.com/ Inventigo LLC Pleasant Hill, CA (GMT-8 usually) -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
now we are two :-)
-----Original Message----- From: Alexey N. Solofnenko [mailto:alexeys@citechlabs.com] Sent: Tuesday, September 25, 2001 12:26 AM To: suse-security@suse.com Subject: RE: [suse-security] Is it possible to return something, so Nimda would crash?
Maybe you can publish the script here?
_____
< http://members.home.com/asolofnenko/ > Alexey N. Solofnenko < http://www.inventigo.com/ Inventigo LLC Pleasant Hill, CA (GMT-8 usually)
-----Original Message----- From: Thomas Lamy [mailto:Thomas.Lamy@netwake.de] Sent: Monday, September 24, 2001 1:38 PM To: 'Alexey N. Solofnenko'; suse-security@suse.com Subject: AW: [suse-security] Is it possible to return something, so Nimda would crash?
Hi, you can always ask ARIN (whois whois.arin.net <ip>) or (in Europe) RIPE (whois.ripe.net), it will give you the administrative contact(s) for the netblock the questioned ip is in.
I hacked a small shell script which takes an access_log file from my servers, extracts the nimda-type requests, does a lookup of the admin's email and sends him _one_ mail (with URLs pointing to NIMDA informations and how to remove it).
Can't tell how successful I was with this attempt, but sent out 350 mails and received no "shut up"...
Thomas
-----Ursprungliche Nachricht----- Von: Alexey N. Solofnenko [mailto:alexeys@citechlabs.com] Gesendet: Montag, 24. September 2001 22:03 An: suse-security@suse.com Betreff: RE: [suse-security] Is it possible to return something, so Nimda would crash?
Is it possible to retrieve administrator's email address from IIS? Or there is always a standard admin address.
_____
< http://members.home.com/asolofnenko/ > Alexey N. Solofnenko < http://www.inventigo.com/ Inventigo LLC Pleasant Hill, CA (GMT-8 usually)
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
** Reply to message from "Peter Romianowski"
participants (4)
-
Alexey N. Solofnenko
-
jfweber@eternal.net
-
Peter Romianowski
-
Thomas Lamy