[Dshield] fighting back against CodeRed

Paul Marsh pmarsh at nmefdn.org
Tue Aug 7 13:55:26 GMT 2001

	How about posting the IP's, ISP's and associated names, email and
phone numbers for all to see.  You know something along the lines of the
following people have not secured their machines and are risking internet
security for all.  This could bring much needed attention to the situation.
It would also be nice to see the local and national news get the straight
dope on the situation.

Thanx, Paul

-----Original Message-----
From: Josh Ballard [mailto:jballard at cloud.cc.ks.us]
Sent: Monday, August 06, 2001 9:16 PM
To: dshield at dshield.org
Subject: RE: [Dshield] fighting back against CodeRed

> White Hat Hacking?!  I like it.  Unfortunately, I don't know much more
about how to do it > than you do.  Hopefully someone else on here does and
wants to help....
> There are some ethical questions.

Yes, it is very true there are ethical problems.  I think it would be a very
viable solution if it weren't for the fact that anyone who's system it
patched could claim millions of dollars in damages, especially if there was
a business website on that webserver.  Plus, anyone could claim that you
were doing more than just patching the system and whoever was involved in
the project could be prosecuted, and I don't think ANYONE wants nearly
500,000 hacking charges on their hands, although if this were to be
accomplished, I'm sure the government would likely look the other way much
like what was the case with the cheese worm.  It would be a matter of
keeping from being sued.  Although, as has been evidenced by many of these
systems, either the Administrators don't know they are running IIS, don't
care that they have been compromised, or don't know they have been
compromised.  Also, it is pretty unethical to be compromising someone else's
system even if it is to fix something on it for them.  Anyone else have any
more points?  I still would like to see the discussion go on, as only good
things can come of this, most likely hopefully a more viable solution.  It
just really scares me to think that if I had a list of these hosts, I could
send a huge ping anywhere in the world I wanted to with this backdoor... not
that I would.  Let the discussion continue... :)

Josh Ballard
oofle.com Linux Firewall Center
jballard at cloud.cc.ks.us

Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list