From: "Nelson, Robert D."
To: "'users@httpd.apache.org'"
Date: Wed, 4 Dec 2002 19:13:07 -0600
Message-ID: <11864A3328DDD5119DE70002A540D64A02B4C0B0@ntblm16.dci.com>
Subject: RE: [users@httpd] Hacker?

> > What would be ideal is for each attack, the system that it's scanning
> > sends back a buffer overrun and crashes the system that's trying to scan
> > it...
> >
> > That would be an easy way for NT/2000 Admins to realise they are
> > running an unpatched system
>
> I've seen this idea mentioned before. I would be interested in putting
> something like that on my personal server. If they are allowed to
> request arbitrary URLs on my server, I should be able to do the same to
> theirs.
>
> Anyone have any examples?

I hate to be the voice of reason here, but why are you talking about damaging someone else's systems simply because they are infected with a virus/worm?

Wouldn't it make more sense to write a program that does an ARIN IP lookup and emails the IP owner about the probable infection (and nicely asks them to switch to Apache/*nix)? Maybe even something that simply blocks requests from that IP for a few minutes/hours until the requests go away.

Oh, and one of the key *features* of the net is that arbitrary requests to your systems can be made. I'm not saying that these requests are nice, but you don't have any right (real or implied) to stop people from requesting URLs.

IMHO, blind retaliation like this only causes more problems on the net.

~ Robert

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
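
The temporary block suggested in the message above, sketched as an added example that is not part of the original post: it reads Apache access-log lines, flags clients that repeatedly request worm-style probe URLs, and computes a block that expires on its own once the requests stop. The probe patterns, thresholds and log lines are assumptions constructed for illustration; the script only decides who to block and for how long, and applying the block (firewall or server configuration) is left to the operator.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache Common Log Format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Dec/2002:19:00:01 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [04/Dec/2002:19:00:02 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
203.0.113.5 - - [04/Dec/2002:19:00:03 -0600] "GET /index.html HTTP/1.1" 200 1043
192.0.2.10 - - [04/Dec/2002:19:00:04 -0600] "GET /default.ida?XXXX HTTP/1.0" 404 270
198.51.100.7 - - [04/Dec/2002:19:01:00 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [04/Dec/2002:19:30:00 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
"""

# Assumed signatures: IIS-only paths that have no business on an Apache host.
PROBE = re.compile(r"(cmd\.exe|root\.exe|default\.ida)", re.I)
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3}')
THRESHOLD = 3                     # probes needed before blocking (assumed)
WINDOW = timedelta(minutes=5)     # ...within this sliding window (assumed)
BLOCK_FOR = timedelta(hours=1)    # block length after the latest probe (assumed)

def build_blocks(log_text):
    """Return {ip: block expiry} for clients that sent THRESHOLD probes in WINDOW."""
    hits = defaultdict(list)
    blocks = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not PROBE.search(m.group(3)):
            continue  # malformed line or an ordinary request
        ip = m.group(1)
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        # Keep only this client's probes that fall inside the sliding window.
        hits[ip] = [t for t in hits[ip] if when - t <= WINDOW] + [when]
        # A client blocked before is re-blocked on its next probe, so the
        # block keeps extending until the requests go away.
        if len(hits[ip]) >= THRESHOLD or ip in blocks:
            blocks[ip] = when + BLOCK_FOR
    return blocks

def blocked_at(blocks, when):
    """IPs whose block is still active at the given time."""
    return sorted(ip for ip, expiry in blocks.items() if expiry > when)

if __name__ == "__main__":
    for ip, expiry in build_blocks(SAMPLE_LOG).items():
        print(f"block {ip} until {expiry.isoformat()}")
```

The block list contains addresses only; an ARIN lookup for the notification e-mail the message mentions would start from the same addresses.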