[40495] in North American Network Operators' Group
Re: Code Red 2 cleanup; reporting..
daemon@ATHENA.MIT.EDU (David Luyer)
Fri Aug 10 05:47:05 2001
From: David Luyer <david@luyer.net>
To: nanog@merit.edu
Date: 10 Aug 2001 19:46:10 +1000
Message-Id: <997436770.8271.8.camel@typhaon>
On 10 Aug 2001 03:47:38 -0400, ken harris. wrote:
> i haven't given this a whirl myself, but i came across
> it and thought i'd at least share.
>
> "Code Red Autoresponder" :
> < http://www.klippan.seths.se/default.phps >

Dodgy whois lookup (and that's a redhat-ism too on the whois).
You'd end up sending a heap of junk to bitbucket@ripe.net.

From the script:

    /* Get a whois output from whois.ripe.net */
    @exec("/usr/bin/whois $ip@whois.ripe.net",$whois,$status);

You need to consult ARIN and recurse to APNIC, RIPE, etc.

One of the APNIC guys was complaining on aussie-isp about all the
"your host has CodeRed" messages received by APNIC rather than
people doing proper recursive lookups.

David.
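
The recursive lookup the message above calls for, as an added example that is not part of the original post or of the script it quotes: start at ARIN, follow each referral to the registry that actually holds the block, and stop on a loop or after too many hops. The `ReferralServer:` line format, the function names and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import re
import socket

ARIN = "whois.arin.net"
# Assumption: a registry that has delegated the block answers with a line
# such as "ReferralServer:  whois://whois.ripe.net" (optionally ":port").
REFERRAL = re.compile(r"^ReferralServer:\s*whois://([A-Za-z0-9.-]+)(?::(\d+))?/?\s*$",
                      re.MULTILINE | re.IGNORECASE)

def query_whois(server, query, port=43, timeout=10):
    """Send one query to a whois server over TCP and return the reply text."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def authoritative_whois(ip, query=query_whois, max_hops=4):
    """Start at ARIN, follow referrals, return (server, reply) of the last registry."""
    addr = str(ipaddress.ip_address(ip))  # ValueError for anything but an IP literal
    server, port, seen = ARIN, 43, set()
    for _ in range(max_hops):
        seen.add(server)
        reply = query(server, addr, port)
        match = REFERRAL.search(reply)
        if match is None or match.group(1).lower() in seen:
            return server, reply          # no further referral, or a loop: stop here
        server, port = match.group(1).lower(), int(match.group(2) or 43)
    raise RuntimeError("too many whois referrals for " + addr)

# Constructed sample replies (not real registry data) so the example runs offline.
SAMPLE = {
    "whois.arin.net": "NetRange: 192.0.2.0 - 192.0.2.255\nOrgID: RIPE\n"
                      "ReferralServer:  whois://whois.ripe.net\n",
    "whois.ripe.net": "inetnum: 192.0.2.0 - 192.0.2.255\n"
                      "abuse-mailbox: abuse@isp.example\n",
}

def sample_query(server, query, port=43):
    """Offline stand-in for query_whois that serves the constructed replies."""
    return SAMPLE[server]

if __name__ == "__main__":
    print(authoritative_whois("192.0.2.10", query=sample_query))
```

Validating the address with `ipaddress` before it reaches any lookup also means the value is never passed through a shell, unlike the `exec()` call in the quoted script.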