North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red 2 cleanup; reporting..

  • From: David Luyer
  • Date: Fri Aug 10 05:50:26 2001

On 10 Aug 2001 03:47:38 -0400, ken harris. wrote:
> i haven't given this a whirl myself, but i came across
> it and thought i'd at least share. 
> "Code Red Autoresponder" :
> < >

Dodgy whois lookup (and that's a redhat-ism too on the whois).
You'd end up sending a heap of junk to [email protected]

>From the script:

/* Get a whois output from */
@exec("/usr/bin/whois [email protected]",$whois,$status);

You need to consult ARIN and recurse to APNIC, RIPE, etc.

One of the APNIC guys was complaining on aussie-isp about all the
"your host has CodeRed" messages received by APNIC rather than
people doing proper recursive lookups.