[svlug] perl script.
George Bonser
george at shorelink.com
Mon Aug 6 01:28:02 PDT 2001
On Mon, 6 Aug 2001 rob at myinternetplace.net wrote:
> Has anyone posted the "sed + nc defense" to risks yet?
>
> rob

I used something close years ago when Sanford Wallace was spewing tons of
spam (http://www.recyber.com/masters/wallace.html). Using hosts_options
rules I just twisted any port 25 connections from him to a script I called
"up-yours" that simply connected back to his port 25 with nc. We would
send all his spam back to his own mail servers. While I suppose it would
be useless in this case, if one could obtain a list of IIS servers
(netcraft?) and twist the connection back to one selected at random, it
might make things really interesting.

perl + nc is a pretty awesome combination. Having a script that would
delete c:\explorer.exe d:\explorer.exe and root.exe on the machines that
connect to you trying to give you the worm might be a good idea. It does
not stop the worm but it neutralizes the trojans on the remote host. If I
only knew the CLI command to reboot the machine ...