Code Red 2 cleanup; reporting..
David Luyer
david at luyer.net
Fri Aug 10 09:46:10 UTC 2001
On 10 Aug 2001 03:47:38 -0400, ken harris. wrote:
> i haven't given this a whirl myself, but i came across
> it and thought i'd at least share.
>
> "Code Red Autoresponder" :
> < http://www.klippan.seths.se/default.phps >
Dodgy whois lookup (and that's a redhat-ism too on the whois).
You'd end up sending a heap of junk to bitbucket at ripe.net.
From the script:
/* Get a whois output from whois.ripe.net */
@exec("/usr/bin/whois $ip@whois.ripe.net",$whois,$status);
You need to consult ARIN and recurse to APNIC, RIPE, etc.
One of the APNIC guys was complaining on aussie-isp about all the
"your host has CodeRed" messages received by APNIC rather than
people doing proper recursive lookups.
David.
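
The recursive lookup described in the message above, as an added example (not part of the original post and not code from the autoresponder script): start at ARIN and follow its referral to the registry that actually holds the address. It assumes the ARIN reply carries a "ReferralServer: whois://..." line; the sample replies, the address 203.0.113.7 and the helper names are constructed for illustration.

```python
import ipaddress
import re
import socket

ARIN = "whois.arin.net"
# Matches plain WHOIS referrals only; rwhois:// is a different protocol.
REFERRAL = re.compile(r"^\s*ReferralServer:\s*whois://([A-Za-z0-9.-]+)", re.I | re.M)

def query(server, text, timeout=10):
    """Send one WHOIS query (TCP port 43) and return the reply as text."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(text.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def next_server(reply):
    """Return the host named in a ReferralServer line, or None."""
    m = REFERRAL.search(reply)
    return m.group(1).lower() if m else None

def authoritative_whois(ip, lookup=query, max_hops=4):
    """Start at ARIN and follow referrals; return (server, reply)."""
    ip = str(ipaddress.ip_address(ip))  # anything that is not an IP raises ValueError
    server, seen = ARIN, set()
    for _ in range(max_hops):
        seen.add(server)
        reply = lookup(server, ip)
        ref = next_server(reply)
        if ref is None or ref in seen:  # no referral, or a loop: stop here
            return server, reply
        server = ref
    raise RuntimeError("too many WHOIS referrals")

# Constructed, simplified replies so the example runs offline.
SAMPLE = {
    "whois.arin.net": "NetName: APNIC-EXAMPLE\nReferralServer:  whois://whois.apnic.net\n",
    "whois.apnic.net": "netname: EXAMPLE-NET\ncountry: AU\n",
}

def fake_lookup(server, text):
    return SAMPLE[server]

if __name__ == "__main__":
    server, reply = authoritative_whois("203.0.113.7", lookup=fake_lookup)
    print(server)
    print(reply)
```

Calling authoritative_whois() without the lookup argument performs the real queries over the network.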