From: John McCormac (jmcc at domain hackwatch.com)
Date: Wed 26 Sep 2001 - 10:16:01 IST
Wesley Darlington wrote:
>
> On Tue, Sep 25, 2001 at 07:30:18PM +0100, David Murphy wrote:
> > Quoting <3BB0CC2C.9040607 at domain esatclear.ie>
> > by Paul Kelly <longword at domain esatclear.ie>:
> > > How can it be illegal? They requested the machine deinstallation
> > > program from your web server. And you've got the Apache logs to
> > > prove it.
> > I don't believe "They asked for it" will stand up in court.
>
> Probably right. Much better to format their drives so all
> trace of your activity is removed. Dead boxes tell no tales.
> Use https if it's there to lessen the likelihood of IDSes (*)
> noticing.
The problem is that most of the scans now are trying to exploit the Code
Red backdoors. Over the past 24 hours, the majority of these scans are
coming from Luse2K dialups on Indigo. I have also seen a VEC in Dublin
causing problems here. The requests for default.ida have diminished.
Many of the dialups do not seem to be active on port 80 or at least
are so busy on that port that they are rejecting connections. If only
there was one "Drop Dead" command for these muppet boxes - like Black
ICE in William Gibson's cyberpunk novels. ;-)
Regards...jmcc
--
********************************************
John McCormac * Hack Watch News
jmcc at domain hackwatch.com * 22 Viewmount,
Voice: +353-51-873640 * Waterford,
BBS&Fax: +353-51-850143 * Ireland
http://www.hackwatch.com/~kooltek
********************************************
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:12:18 GMT