CodeRed Fix B

Wilfred L. Guerin Wilfred at Cryogen.com
Fri Aug 3 15:48:43 PDT 2001


Continued...

I have found no obvious work on fixes yet... 

Resolve: Time to fix this annoyance and be done with it.

Request:

Need a "Simple" set of *instructions* to "paste" a line to apache/etc
server control settings so that other individuals who are running an
apache/etc server may cease "attacks" on their boxes. Basicly, I request
from the community a simple set of 1.2.3.4.. style instructions which will
allow apache/etc admins to redirect the /stupid.ida requests to a cgi or
another operation (Cgi easiest to implement) which will then both report
the assault to a central server (mine) and send a sequence of infallable
retaliation worms (or multiple instances of one) to the 'evil' box (simple
cgi open socket/etc) and therefore target and cease the moronic box's noise.

Additionally, this design would require a 'heavy' server which accepts
connections via tcpip GET on port 80 (known pass-through for fwall due to
problem itself) of a simple report, most probibly /aa.bb.cc.dd/ee.ff.gg.hh
or similar reporting that a..d has been fixed by e..h ... log of all
connection feeds would be sufficient, need box.

This is problematic, as us-fed and international authorities may percieve
this logging operation as authorization to attack *it* as a
threat...(idiots) This bullshit shall not be tolerated, therefore I suggest
and request a server be made available in a politicly and logisticly
neutral realm. 

Havenco have any interest in testing available bw/connection capability?
Anyone else?

...

I shall personally produce both a basic cgi and a revision of this VERY LOW
QUALITY worm code for distribution shortly, unless someone informs that
such has already been completed.

Note, the quality of the code is horrible, im not gonna optimize it, but
it's just VERY badly written. Too bad the origin cant even code an attack
correctly, more bad is the fact that SOMEONE cant even code an os/server
correctly... Oh well.

The motivation is to both squelch by voluntary operation (from
script-capable servers) any hostile attacks on these private boxes, but
also neutralize quickly this annoyance.

It will be expected that the next generation of annoyances will eliminate
the file-crosscheck mechanisms, and will thus require a complete system
penetration to disable and isolate the server... Sorry M$hit, but your
failures warrent elimination of your products by force. Your failures
threaten the operation of the global data infrastructure, we eliminate your
software from operation (since it has already been disabled prior this
conflict)...

We may tend to this as it comes...

Resolve:

Assuming noone has completed this task, I will tend to coding this basic
fix now, and hopefully someone will come forward with a central logging
system capable of post-process analysis review.

Additionally, it will be requested that all isp/datasec admins allow full
outgoing packet flow to this target box/array for single-direction
reporting. It is probible that a large number of "firewalled" failures in
corporate networks are creating additional annoyances, all requiring fix.

The cgi response script, if utilized, can have the option of reporting,
reporting what, etc for compatibility with security issues.

As for the wh.gov attack... I could care less. If these morons and their
excess of IC and technical resources can not come up with such a basic fix
and remedy, why should we care about their interests? Moronics not tolerated.

So... 

Can someone please prepare an instruction of how to set apache and other
servers up to route /*n.threat requests to a cgi/script/module/etc so we
can immediately release this remedy...

Im sick of the level of stupidity in this world. Time to start replacing
the failed components.

-Wilfred L. Guerin
Wilfred at Cryogen.com


.







More information about the cypherpunks-legacy mailing list