Munir Nassar <nassarmu at redconcepts.net> wrote:
> 
> For a couple of days now i have been getting wierd errors in my Apache
> logs, mostly people doing a GET /dir/cmd.exe, or root.exe

Just a few days?  What corner of the Internet are you hiding in?  I want
to go there so I don't have other people chewing up my bandwidth ;-)

Most folks have been getting stuff like that for months.  It's become the
background radiation of the Internet.

It also means that you *cannot* install IIS while a host is connected to
the Internet.  It doesn't take long at all for a new host to get 

> don't these people check the server strings? I may be inexperienced but
i
> am not brain dead enough to run IIS. or just even plain windows.

Naw, that'd be too nice!  The guys who wrote these worms just wanted them
to spread as fast as possible.  They just didn't worry about what would
happen if they came across a non-vulnerable system.

Therefore, one of the more interesting things to do would be to get a
`tarpit' program that will allow the remote host to open a connection, but
then won't send any other data.  The infected host will (hopefully) get
slowed down by this.

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   Error 008: Remove aluminum
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   foil, remote control
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  devices and spleen.
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020223/eb0ad851/attachment.pgp