[TCLUG] AT&T/Mediaone does it again?

Thu Aug 9 08:29:24 CDT 2001

Nate Straz <nate at techie.com> wrote:
> 
> BTW, AT&T updated their Code Red help page.  
> 
> http://help.broadband.att.com/faq.jsp?content_id=792&category_id=54

Interesting.  Looking at the Q&As on that page, it doesn't appear that
running services is explicitly denied.  They're just responding to the
fact that this worm can ``interfere with the ability of any other person
to use or enjoy the AT&T Equipment or the Service.''  Then again, they may
explicitly state it elsewhere.

Anyway, here's what I've done on my own system (not on a cable modem):

Add `.ida' to the PHP mime/type in httpd.conf

  AddType application/x-httpd-php .php .php4 .ida

and created a file named `default.ida' that attempts to connect back to
CR2-infected systems and pop up a warning with the `net send' command.

Of course, I have no way to test it.

  http://www.tc.umn.edu/~hick0088/files/defaultida.txt

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   The sooner you fall 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   behind, the more time  
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  you'll have to catch up. 
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20010809/c1b568a7/attachment.pgp