Counterattacks have been seen

Some of us ran default.ida scripts of our own

When probed by code red II
attacked back
disabled the server
and rebooted the machine.

Lesson: so close the exploit when you're in.