Visit Our UNIX and Linux User Community


Code Red Redirect


 
Thread Tools Search this Thread
Special Forums Cybersecurity Code Red Redirect
# 1  
Old 08-08-2001
Code Red Redirect

For Apache servers getting hammered with Code Red hits, one solution is this addition to your httpd.conf files in Apache:


Quote:
Redirect /default.ida http://www.microsoft.com
This will help keep the load off your web server and put the load where it belongs, sending the probes to the originator. Seems only fair and ethical to return the probe to the originator.
# 2  
Old 08-09-2001
/me ROTFL
# 3  
Old 08-09-2001
Re: Code Red Redirect

Quote:
Originally posted by Neo
This will help keep the load off your web server and put the load where it belongs
Will this really lower the load on your web server? Assuming you are running Apache, then /default.ida probably doesn't exist anyway, which would mean the server sends a 404 Not Found response. With this Redirect, it just sends a 302 Redirect response instead. i don't think it would save you many bytes.

Quote:
Seems only fair and ethical to return the probe to the originator.
Well, not to defend Microsoft, but technically they are not the "originator". IIS is just a "carrier" for the virus.


Its a funny idea though ... Smilie
# 4  
Old 08-09-2001
No, it does not really lower the load on Apache servers. It is just a fun idea Smilie

When default.ida does not exist, the return code is 400:

Quote:

128.146.87.135 - - [19/Jul/2001:16:46:10 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb d3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 252
After redirect the return code is 302:

Quote:
64.95.192.98 - - [09/Aug/2001:17:01:01 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucb d3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 302 567
# 5  
Old 08-10-2001
Redirect default.ida on Apache

I did this the other day on my company's server; couldn't resist.

Neo said:

Seems only fair and ethical to return the probe to the originator.

Yes, if Microsoft wouldn't release such buggy code, they wouldn't be in the mess they are. Smilie
# 6  
Old 08-14-2001
Another interesting solution:

http://www.dasbistro.com/default.ida


A perl script which finds the technical contact by checking the SOA record for each IP that connects and sends them a friendly email...


Or here's another one:

http://www.dynwebdev.com/codered/

which pops up a window on the attacking machine using Java and "net send".


Or yet another which attempts to slow the attack process by getting the attacker caught waiting for TCP timeouts:

http://www.hackbusters.net/CodeRedneck.tgz

Previous Thread | Next Thread
Test Your Knowledge in Computers #586
Difficulty: Medium
Making many function calls can be costly in terms of stack space. One optimization that can be made is to use tail recursion.
True or False?

9 More Discussions You Might Find Interesting

1. Programming

C, UNIX: How to redirect 'stdout' to a file from a C code?

I am looking for a way to redirect standard output to a file from a C-code; so, any 'cout<<..' or 'printf(...)' will be written into a file. I have a server source that I need to debug. That program called by RPC (remote procedure call) and has no any session to print out anything. I have... (3 Replies)
Discussion started by: alex_5161
3 Replies

2. Shell Programming and Scripting

Ftp redirect

Hi i want to redirect a list of ftp file to an exsisting file by mls x.txt mylocalfile.txt result of this command corrupt my data on mylocalfile.txt , please help me (2 Replies)
Discussion started by: rezasadeghi
2 Replies

3. Web Development

Redirect URL containing #!

I have a Rewrite Rule that helps me redirect a page with no hindrance. I am rewriting mydomain.com/best to mydomain.com/#!/ using RewriteRule ^\/best\/? /#!/ Now I want to Rewrite mydomain.com/#!/best to (0 Replies)
Discussion started by: Junaid Subhani
0 Replies

4. UNIX for Dummies Questions & Answers

how to know if i use "Red Hat Enterprise Linux" or "Red Hat Desktop" ?

how to know if i use "Red Hat Enterprise Linux" or "Red Hat Desktop" ? (2 Replies)
Discussion started by: ahmedamer12
2 Replies

5. Shell Programming and Scripting

redirect LVM commands to file in Red Hat

I have been trying to create a little script to direct system configuration information to a file, however when I run LVM commands (vgdisplay, lvdisplay...etc) nothing appears in my output file. This is what I currently have in my script: vgdisplay >> sysinfo.out everthing else seems to... (0 Replies)
Discussion started by: Alvescot
0 Replies

6. Shell Programming and Scripting

Redirect Output

Hi, I would like to list files: ls *.hdf But I would like a copy of the output directed to the screen, but also APPENDED to a text file: test.txt I have tried: ls *.hdf | tee test.txt However, that will just write over everything already existing in test.txt. How can I append the... (1 Reply)
Discussion started by: msb65
1 Replies

7. Shell Programming and Scripting

redirect STDIN

can you redirect STDIN with command arguments? I have tried this approach: # ./script -option <argument1> <argument2> 0<$2 # $2: ambiguous redirect Is this possible? (4 Replies)
Discussion started by: prkfriryce
4 Replies

8. UNIX for Advanced & Expert Users

redirect connection

I have two UX servers ( eg. Server A , Server B ) , the users use Netterm as emulator to telnet to connect to these servers , each server have assigned a dedicated IP address ( eg. Server A --> 192.168.1.1 , Server B --> 192.168.1.2 ) , now if a user want to connect Server A , he need to telnet to... (1 Reply)
Discussion started by: ust
1 Replies

9. IP Networking

Redirect

I'm sittig behind a firewall that doesn't allow ftp. I have a conection to a UNIX system, connecting throug SSH. Is it possible to redirect the ftp through the UNIX to my computer? (1 Reply)
Discussion started by: <Therapy>
1 Replies

Featured Tech Videos