RE: [SLUG] worm log entries

From: Derek Glidden (dglidden@illusionary.com)
Date: Thu Jan 17 2002 - 14:55:35 EST


On Thu, 2002-01-17 at 13:50, Grantham, Patrick wrote:
> These just came on line. My point was there should be NO traffic. It's 3MB
> of just this.

I know... I was just giggling because to us, 3MB of worm traffic is
nothing. The morning Nimda hit, we saw something like several hundred
megs worth of traffic come into one of our big hosting boxes in just the
first 20 minutes or so.

Look into mod_rewrite and build a few rules that look for anything with
'cmd.exe' in the URL and send it to /dev/null or redirect to McAfee's
website. (Or better yet, Microsoft's.)

Alternately, just grep your logs for infected IP addresses and use
ipchains or iptables to block those addresses from connecting to your
server at all.

Unfortunately, that is just the Windows World we live in now. I think
from now on everyone on the 'net is just going to have to live with this
kind of crap floating around the wires. Kind of like we have to live
with things like Herpes and AIDS and Nile Encephalitis and so forth in
the "real world". We just have to think up ways to protect ourselves -
those who don't, get infected, and even those who do still have to deal
with the fallout from those who don't. Or maybe smoking and drunk
driving are better examples... you can still get whacked by a drunk
driver even if you're not driving drunk, and you can still get lung
cancer from second-hand smoke, even if you don't smoke yourself. Ehhh,
something like that...

It's all fallout from Microsoft's lack of concern for security in their
products and now the rest of us have to live with it.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \ | extract_mpeg2 | mpeg2dec -

http://www.cs.cmu.edu/~dst/DeCSS/Gallery/ http://www.eff.org/ http://www.anti-dmca.org/
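A concrete version of the second suggestion in the message above (grep the logs for infected hosts, then block them), added here as an example and not code from the original thread: scan an Apache combined-format access log for requests whose request line contains cmd.exe, collect the distinct source addresses, and emit the iptables commands that would drop them. The log lines and addresses are constructed (RFC 5737 documentation ranges), and the script only prints the commands so the list can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: find hosts sending 'cmd.exe' probes in an Apache
# access log and generate iptables DROP rules for them (dry run only).

# Constructed sample log lines in Apache combined format; the addresses
# are documentation ranges, not real hosts.
SAMPLE_LOG='192.0.2.10 - - [17/Jan/2002:13:50:01 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287 "-" "-"
192.0.2.10 - - [17/Jan/2002:13:50:02 -0500] "GET /c/winnt/system32/CMD.EXE?/c+dir HTTP/1.0" 404 287 "-" "-"
198.51.100.7 - - [17/Jan/2002:13:51:10 -0500] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"
203.0.113.42 - - [17/Jan/2002:13:52:44 -0500] "GET /_vti_bin/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287 "-" "-"
198.51.100.7 - - [17/Jan/2002:13:53:00 -0500] "GET /about.html HTTP/1.1" 200 512 "-" "Mozilla/4.0"'

# Print each distinct client address whose request line mentions cmd.exe.
# Splitting on the double quote isolates the request line as field 2, so a
# User-Agent or referer that happens to say cmd.exe does not count; the
# match is case-insensitive because worm variants vary the case.
worm_ips() {
    printf '%s\n' "$1" \
      | awk -F'"' 'tolower($2) ~ /cmd\.exe/ { split($1, f, " "); print f[1] }' \
      | sort -u
}

# Number of distinct offending hosts, for a quick report.
worm_ip_count() {
    worm_ips "$1" | grep -c .
}

# Emit one iptables DROP rule per address (one address per input line).
# Printed rather than executed so the result can be reviewed first and
# the script runs without root.
block_cmds() {
    printf '%s\n' "$1" | while IFS= read -r ip; do
        if [ -n "$ip" ]; then
            printf 'iptables -A INPUT -s %s -p tcp --dport 80 -j DROP\n' "$ip"
        fi
    done
}

block_cmds "$(worm_ips "$SAMPLE_LOG")"
```

On a live server, replace `SAMPLE_LOG` with `$(cat /var/log/apache/access.log)` or pipe the log in, and pipe the printed rules to `sh` only after checking that no legitimate proxy or NAT address made the list.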



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:12:02 EDT