
MX records, and that code red stuff

 [1/5] from: mat:plothatching at: 11-Aug-2001 8:16


Hi,

I notice that DNS:// really only works for regular dns records. I assume you'd have to go write your own stuff if you wanted to look up MX records? I have a need to develop a good domain/e-mail authentication routine and without the ability to look up MX it's going to get ugly. So... would I have to do my own dialect or something weird like that?

On another note, there's probably a few webmasters here. I was looking through my logs and found a lot of those malformed requests which are the Code Red worm attacks. They won't be getting anywhere on my Xitami web server though :)

I decided to do something nice and write a script which scans through the logs, collects all the unique ips and then uses the 'net send <message>' command - figuring that most of those boxes have little or no security so that's likely to get through.

507 messages delivered. The message told them they were infected with code red blah blah, how they got this message and my e-mail address.

I got quite a lot of appreciative e-mail in return. It might be something you guys could consider?

Regards, Mat.

 [2/5] from: brett:codeconscious at: 11-Aug-2001 23:16


Hi Mat,

I've no idea about MX stuff...

> On another note, there's probably a few webmasters here. I was looking
> through my logs and found a lot of those malformed requests which are
> the Code Red worm attacks. They won't be getting anywhere on my Xitami
> web server though :)

I don't run a webserver but I have noticed an increasing number of these malformed requests in my website logs.

> I decided to do something nice and write a script which scans through
> the logs, collects all the unique ips and then uses the 'net send
> <message>' command - figuring that most of those boxes have little or
> no security so that's likely to get through.

I was also contemplating informing the victims, but I figured I'd have to try to work out email addresses from IP numbers. Can you explain what you mean about the "net send command" - is this Windows specific or something else...

> 507 messages delivered. The message told them they were infected with
> code red blah blah, how they got this message and my e-mail address.
>
> I got quite a lot of appreciative e-mail in return. It might be
> something you guys could consider?

Yep, considering it depending on feasibility (as above).

Regards, Brett.

 [3/5] from: mat:plothatching at: 12-Aug-2001 0:50


Hi Brett,

BH> I was also contemplating informing the victims, but I figured I'd have to
BH> try to work out email addresses from IP numbers.
BH> Can you explain what you mean about the "net send command" - is this Windows
BH> specific or something else...

It is Windows specific yes, it's a service that runs on NT and 2K. It ought to be disabled but these ninnies with unpatched IISes that are getting infected by Code Red in the first place invariably have it on.

Type it in the console yourself. Net send <machine name> "Bunch of text". Good for a laugh in the office to tell people they have mail when I want them to read it in a hurry :)

(So you use this with the call/console command in rebol/command or rebol/view/pro of course.)

I can send you the script if you like. It's really simple and undocumented but you'll work it out.

Regards, Mat.

 [4/5] from: mat:plothatching at: 12-Aug-2001 0:55


Hi Brett,

BH> I've no idea about MX stuff...

Indeed. I suspect the answer is clear, if I want to do this I'm going to have to do it myself low level. Real shame like, you could write a proper mailing list app in Rebol if this were done. Heh, or at least a simple mail server.

Regards, Mat.

 [5/5] from: holger:rebol at: 14-Aug-2001 10:06


On Sat, Aug 11, 2001 at 08:16:51AM +0100, Mat Bettinson wrote:
> Hi,
>
> I notice that DNS:// really only works for regular dns records.

A records and "PTR" records, yes.

> I assume you'd have to go write your own stuff if you wanted to look up
> MX records? I have a need to develop a good domain/e-mail
> authentication routine and without the ability to look up MX it's
> going to get ugly. So... would I have to do my own dialect or
> something weird like that?

You would have to either implement parts of the DNS protocol on top of UDP, or use whatever OS-specific library you have on your machine to handle DNS, and access it from REBOL. On Unix this is typically libc.so, although some Unix versions have libresolv.so or other libraries. Windows may have something in wsock32.dll. On the Amiga you would have to access miami.library. Of course you will need a version of REBOL that contains the "library" component.

The reason why REBOL only supports "normal" DNS accesses is that these are the only ones that are provided by operating systems cross-platform without compatibility problems (gethostbyname(), gethostbyaddr()). Lower-level functions vary A LOT not just by OS version but also by resolver lib version, and using them in REBOL would make it impossible to ship REBOL binaries which are dynamically linked.

--
Holger Kruse [holger--rebol--com]
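
Added example, not part of the original thread and not REBOL code: a Python sketch of the "parts of the DNS protocol on top of UDP" that an MX lookup needs, namely building the query and parsing the reply, including name compression with a guard against pointer loops. The function names, the domain `example.test` and the reply bytes from `sample_response` are constructed for illustration.

```python
import struct

QTYPE_MX, QCLASS_IN = 15, 1  # RFC 1035 type and class codes

def encode_name(name):
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    if any(not 0 < len(l) <= 63 for l in labels):
        raise ValueError("bad label length")
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_mx_query(domain, txid):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    return header + encode_name(domain) + struct.pack("!HH", QTYPE_MX, QCLASS_IN)

def read_name(msg, off, hops=0):
    # Returns (name, offset just past it); follows compression pointers
    labels = []
    while n := msg[off]:
        if n & 0xC0 == 0xC0:  # two-byte pointer to a name elsewhere in the message
            if hops > 16:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            labels.append(read_name(msg, ptr, hops + 1)[0])
            return ".".join(filter(None, labels)), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_mx_response(msg, txid):
    rid, flags, qd, an = struct.unpack_from("!HHHH", msg, 0)
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a successful reply to our query")
    off, records = 12, []
    for _ in range(qd):  # skip the echoed question: name + QTYPE + QCLASS
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == QTYPE_MX:  # RDATA: 16-bit preference, then exchange name
            pref = struct.unpack_from("!H", msg, off + 10)[0]
            records.append((pref, read_name(msg, off + 12)[0]))
        off += 10 + rdlen
    return sorted(records)  # lowest preference value first

def sample_response(query):
    # Constructed reply: two MX answers; each \xc0\x0c points back to the question name
    out = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 2, 0, 0) + query[12:]
    for pref, label in ((20, b"\x03mx2"), (10, b"\x03mx1")):
        rdata = struct.pack("!H", pref) + label + b"\xc0\x0c"
        out += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_MX, QCLASS_IN, 3600, len(rdata)) + rdata
    return out
```

Against a live resolver, the query bytes go out in a UDP datagram to port 53 and the reply is passed to `parse_mx_response` with the same transaction id, which should be chosen at random per query.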