Code Red 2 cleanup; reporting..

David Luyer david at luyer.net
Fri Aug 10 09:46:10 UTC 2001



On 10 Aug 2001 03:47:38 -0400, ken harris. wrote:
> i haven't given this a whirl myself, but i came across
> it and thought i'd at least share. 
> 
> "Code Red Autoresponder" :
> < http://www.klippan.seths.se/default.phps >

Dodgy whois lookup (and that's a redhat-ism too on the whois).
You'd end up sending a heap of junk to bitbucket at ripe.net.

From the script:

/* Get a whois output from whois.ripe.net */
@exec("/usr/bin/whois $ip@whois.ripe.net",$whois,$status);

You need to consult ARIN and recurse to APNIC, RIPE, etc.

One of the APNIC guys was complaining on aussie-isp about all the
"your host has CodeRed" messages received by APNIC rather than
people doing proper recursive lookups.

David.
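
The lookup order the message above calls for (ask ARIN first, then follow its referral to APNIC, RIPE, etc.), as an added example that is not part of the original post or of the autoresponder script. It assumes the `ReferralServer`, `OrgAbuseEmail` and `abuse-mailbox` field names of present-day registry output; the function names are hypothetical and the sample responses are constructed.

```python
import ipaddress
import re
import socket

START = "whois.arin.net"  # per the post: consult ARIN first, then recurse
REFERRAL = re.compile(r"^ReferralServer:\s*whois://([A-Za-z0-9.-]+)", re.M | re.I)
ABUSE = re.compile(r"^(?:OrgAbuseEmail|abuse-mailbox):\s*(\S+@\S+)", re.M | re.I)

def whois_query(server, query, timeout=10):
    """Plain WHOIS (RFC 3912): send the query line to TCP/43, read until close."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def find_abuse_contact(ip, query=whois_query, max_hops=4):
    """Follow referrals from ARIN to the registry that holds `ip`.
    Returns (server_that_answered, abuse_address_or_None)."""
    ip = str(ipaddress.ip_address(ip))  # reject anything that is not an IP address
    server, seen = START, set()
    while True:
        seen.add(server)
        text = query(server, ip)
        m = REFERRAL.search(text)
        nxt = m.group(1).lower() if m else None
        if nxt is None or nxt in seen or len(seen) >= max_hops:  # done, loop, or too deep
            a = ABUSE.search(text)
            return server, (a.group(1) if a else None)
        server = nxt

# Constructed sample responses (documentation address range, made-up contact).
SAMPLE = {
    "whois.arin.net": "NetRange: 192.0.2.0 - 192.0.2.255\nOrgId: RIPE\n"
                      "ReferralServer:  whois://whois.ripe.net\n",
    "whois.ripe.net": "inetnum: 192.0.2.0 - 192.0.2.255\n"
                      "abuse-mailbox: abuse@example.net\n",
}
def sample_query(server, query):
    return SAMPLE[server]

if __name__ == "__main__":
    print(find_abuse_contact("192.0.2.10", query=sample_query))
```

Only `whois://` referrals are followed; a report is sent to the returned address only when one is found, never to the registry itself.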


