MX records, and that code red stuff
[1/5] from: mat:plothatching at: 11-Aug-2001 8:16
Hi,
I notice that DNS:// really only works for regular dns records. I
assume you'd have to go write your own stuff if you wanted to look up
MX records? I have a need to develop a good domain/e-mail
authentication routine and without the ability to look up MX it's
going to get ugly. So... would I have to do my own dialect or
something weird like that?
On another note, there's probably a few webmasters here. I was looking
through my logs and found a lot of those malformed requests which are
the Code Red worm attacks. They won't be getting anywhere on my Xitami
web server though :)
I decided to do something nice and write a script which scans through
the logs, collects all the unique ips and then uses the 'net send
<message>' command - figuring that most of those boxes have little or
no security so that's likely to get through.
507 messages delivered. The message told them they were infected with
code red blah blah, how they got this message and my e-mail address.
I got quite a lot of appreciative e-mail in return. It might be
something you guys could consider?
Regards,
Mat.
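Added example (not part of the original post, and not Mat's script): the log-scanning step described above, sketched in Python. It assumes Common Log Format lines and matches the worm's well-known request for /default.ida followed by a long run of padding characters; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" \d{3} \S+')
# Code Red requests /default.ida? followed by a long run of N padding;
# the later Code Red II variant pads with X instead.
CODE_RED = re.compile(r"^/default\.ida\?(?:N{32,}|X{32,})", re.IGNORECASE)

def code_red_sources(lines):
    """Return Counter {source IP: number of Code Red requests seen}."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if m and m.group(2) == "GET" and CODE_RED.match(m.group(3)):
            hits[m.group(1)] += 1
    return hits

# Constructed sample log: documentation-range addresses, payloads cut short.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Aug/2001:07:58:01 +0100] "GET /default.ida?'
    + "N" * 224 + '%u9090 HTTP/1.0" 404 0',
    '198.51.100.7 - - [11/Aug/2001:07:59:13 +0100] "GET /default.ida?'
    + "X" * 224 + '%u9090 HTTP/1.0" 404 0',
    '192.0.2.10 - - [11/Aug/2001:08:02:44 +0100] "GET /default.ida?'
    + "N" * 224 + '%u9090 HTTP/1.0" 404 0',
    '203.0.113.5 - - [11/Aug/2001:08:03:00 +0100] "GET /index.html HTTP/1.0" 200 5120',
    # Short query string to the same path: must not be flagged.
    '203.0.113.9 - - [11/Aug/2001:08:04:10 +0100] "GET /default.ida?id=NN HTTP/1.0" 404 0',
    'this line is not a log entry',
]

if __name__ == "__main__":
    for ip, count in sorted(code_red_sources(SAMPLE_LOG).items()):
        print(ip, count)
```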
[2/5] from: brett:codeconscious at: 11-Aug-2001 23:16
Hi Mat,
I've no idea about MX stuff...
> On another note, there's probably a few webmasters here. I was looking
> through my logs and found a lot of those malformed requests which are
> the Code Red worm attacks. They won't be getting anywhere on my Xitami
> web server though :)
I don't run a webserver but I have noticed an increasing number of these
malformed requests in my website logs.
> I decided to do something nice and write a script which scans through
> the logs, collects all the unique ips and then uses the 'net send
> <message>' command - figuring that most of those boxes have little or
> no security so that's likely to get through.
I was also contemplating informing the victims, but I figured I'd have to
try to work out email addresses from IP numbers.
Can you explain what you mean about the "net send command" - is this Windows
specific or something else...
> 507 messages delivered. The message told them they were infected with
> code red blah blah, how they got this message and my e-mail address.
>
> I got quite a lot of appreciative e-mail in return. It might be
> something you guys could consider?
Yep considering it depending on feasibility (as above).
Regards,
Brett.
[3/5] from: mat:plothatching at: 12-Aug-2001 0:50
Hi Brett,
BH> I was also contemplating informing the victims, but I figured I'd have to
BH> try to work out email addresses from IP numbers.
BH> Can you explain what you mean about the "net send command" - is this Windows
BH> specific or something else...
It is Windows specific yes, it's a service that runs on NT and 2K. It
ought to be disabled but these ninnies with unpatched IISes that are
getting infected by Code Red in the first place invariably have it on.
Type it in the console yourself. Net send <machine name> "Bunch of
text". Good for a laugh in the office to tell people they have mail
when I want them to read it in a hurry :)
(So you use this with the call/console command in rebol/command or
rebol/view/pro of course.)
I can send you the script if you like. It's really simple and
undocumented but you'll work it out.
Regards,
Mat.
[4/5] from: mat:plothatching at: 12-Aug-2001 0:55
Hi Brett,
BH> I've no idea about MX stuff...
Indeed. I suspect the answer is clear, if I want to do this I'm going
to have to do it myself low level. Real shame like, you could write a
proper mailing list app in Rebol if this were done. Heh, or at least a
simple mail server.
Regards,
Mat.
[5/5] from: holger:rebol at: 14-Aug-2001 10:06
On Sat, Aug 11, 2001 at 08:16:51AM +0100, Mat Bettinson wrote:
> Hi,
>
> I notice that DNS:// really only works for regular dns records.
A records and "PTR" records, yes.
> I assume you'd have to go write your own stuff if you wanted to look up
> MX records? I have a need to develop a good domain/e-mail
> authentication routine and without the ability to look up MX it's
> going to get ugly. So... would I have to do my own dialect or
> something weird like that?
You would have to either implement parts of the DNS protocol on top of
UDP, or use whatever OS-specific library you have on your machine to
handle DNS, and access it from REBOL. On Unix this is typically
libc.so, although some Unix versions have libresolv.so or other
libraries. Windows may have something in wsock32.dll. On the Amiga
you would have to access miami.library. Of course you will need a version
of REBOL that contains the "library" component.
The reason why REBOL only supports "normal" DNS accesses is that these
are the only ones that are provided by operating systems cross-platform
without compatibility problems (gethostbyname(), gethostbyaddr()).
Lower-level functions vary A LOT not just by OS version but also by
resolver lib version, and using them in REBOL would make it impossible
to ship REBOL binaries which are dynamically linked.
--
Holger Kruse
[holger--rebol--com]
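Added example, not from the thread and not REBOL code: the "parts of the DNS protocol" an MX lookup needs, in Python, covering query construction and reply parsing with name compression. SAMPLE_REPLY is a constructed message and all function names are this example's own.

```python
import struct

TYPE_MX, CLASS_IN = 15, 1
# Constructed reply (ID 0x1234) for example.com: two MX answers, names compressed.
SAMPLE_REPLY = bytes.fromhex(
    "123481800001000200000000" "076578616d706c6503636f6d00" "000f0001"
    "c00c000f00010000012c0008" "0014036d7832c00c"
    "c00c000f00010000012c0008" "000a036d7831c00c")

def build_query(domain, qid):
    """Header (RD set, one question), then QNAME, QTYPE=MX, QCLASS=IN."""
    labels = domain.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack(">HH", TYPE_MX, CLASS_IN)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 16:  # a hostile reply can make pointers loop
                raise ValueError("compression pointer loop")
        elif length == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length

def parse_mx(msg, qid):
    """Return [(preference, exchange)], lowest preference first."""
    rid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    if rid != qid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("ID mismatch, not a response, or error RCODE")
    off, records = 12, []
    for _ in range(qd):  # skip the echoed question
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == TYPE_MX:
            pref, = struct.unpack(">H", msg[off + 10:off + 12])
            records.append((pref, read_name(msg, off + 12)[0]))
        off += 10 + rdlen
    return sorted(records)
```

For a live lookup, send the bytes from build_query as a single UDP datagram to a resolver on port 53, using a random 16-bit ID, and pass the reply and the same ID to parse_mx.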