14 yesterday (GMT), so:
[mike@3po][~]$ expr $(grep -c default.ida
/var/log/apache/access.log) - 14
The CAIDA graph shows an uptick around midnight GMT. It's going to be an interesting couple of weeks.
Finally added a procmail recipe for getting rid of those stupid SirCam messages. Still testing it, though.
I am now of the opinion that someone should write a worm to go out and disable IIS on vulnerable servers. Shut down the service and set it to be disabled. Perhaps even remove an important EXE or DLL file that is required for it to start up. If nothing is done, the Internet will continue to be polluted by garbage traffic from worms like that.
Makes me think of the noises that surround us every day, and the light of the city at night that keeps people from seeing the stars...
Considering possibilities for active response to the IIS worm. I suspect that many servers that aren't patched for the IDA vulnerability also aren't patched against the Unicode vulnerabilities. It'd probably be easy enough to make a script that references a URL like this , but it requires testing.Posted by mike at August 2, 2001 06:14 AM | Old Advogato Diary | TrackBack