Tags:






Become a code red vigilante today.
August 21, 2001 12:23 AM   Subscribe

Become a code red vigilante today. Nice Java server app that catches Code Red attacks and uses the security hole to inform the infected computer. Legal? Who knows. I doubt ISPs will care.
posted by skallas (9 comments total)

Code Red Vigilante emulates a vulnerable Microsoft web server. When Vigilante is attacked by an infected machine, it reverses the attack and sends the owner a notification.

I'm not a server or anything, but that's pretty cool.
posted by gleemax at 1:02 AM on August 21, 2001


Happy to see that some smart guy is caring about it. Since one month the Linux web server hosting my web site is assaulted by Code Red, obviously with no damage except for my log!
posted by fabrizio at 2:13 AM on August 21, 2001


This is interesting. For many, many years, of course, the ethics of using "judo" techniques against malicious code (viruses, trojans, worms, etc.) has been debated. People often jokingly suggest Couldn't we write a version of Melissa|Code Red that patches the software for you?. Obviously actually making changes is going a little far. But generally there has been a social contract that, while an interesting theory, it is probably not something that should be done.

The basic principle, of course, is that nobody should be running code on someone else's machine that is not explicitly permitted.

Now, finally, somebody's gone and written one of them. It will be instructive to see how this is received.
posted by dhartung at 3:32 AM on August 21, 2001


Time from installation to first Code Red probe: 8:36. Unfortunately the decaffeination failed. :( But you can see why I wanted to run it -- I've been getting hundreds of probes from people on my AT&T WorldNet subnet.
posted by dhartung at 3:48 AM on August 21, 2001


Too bad a bunch of cable providers shut off port 80 access.
We'll have exploited machines running forever.
posted by machaus at 7:11 AM on August 21, 2001


Unfortunately you can't run this AND a webserver at the same time (it's a java program that binds to port 80). If you're running a webserver, you should be able to hack up a default.ida script that does the same thing. Since I don't have enough motivation to learn enough to do this, who wants to? :)
posted by reishus at 7:40 AM on August 21, 2001


Reuven Lerner wrote a similar program for Apache+mod_perl called Apache::CodeRed.

No need to run a separate server for this program.
posted by kaefer at 12:22 PM on August 21, 2001


According to the counter on my website, I've had 1712 attacks in the last 4 weeks. Up from 1565 two days ago. Of course, I run Apache on Linux...
posted by CrayDrygu at 3:59 PM on August 21, 2001


1712 attacks?
posted by kindall at 4:57 PM on August 21, 2001


« Older Classes for immigrants on how to ditch the accent...  |  The MetaFilter extract from 'D... Newer »


This thread has been archived and is closed to new comments