At 00:11 6/08/2001, Chris Wedgwood wrote:
On Mon, Aug 06, 2001 at 12:20:11AM +1200, Perry Lorier wrote:
You can. Although I'm not going to give out explicit instructions how on a public mailing list :P So if you have a proxy between you and the internet it's not going to save you from people playing with your recently backdoored IIS server.
too late, see my next message :)
Also, you _cannot_ scan for these as borked stuff like WinGate tends to use CONNECT when it doesn't need to anyhow (thus defeating proxying too).
so how hard would it be to write a cleaning agent? even if it were a "shutdown server and leave a message 'you have been hacked, please patch your machine'" on their screen? you could then automate cleaning out machines :)

from the number of hits I am getting from Korean/Asian IPs it may pay for some clever cookie (joe could write it in AWK?) to put the message in Cantonese/Mandarin as well :)

--
Steve.