[Dshield] Re: Dshield digest, Vol 1 #185 - 11 msgs

Josh Ballard jballard at cloud.cc.ks.us
Wed Aug 8 05:06:22 GMT 2001

>While in agreement with you on quashing the notion of the anti-worm, I'm
>still pondering how such a thing would even work, technically.

My recommendation wasn't an anti-worm, although it wasn't a real
recommendation.  It was an attempt to start discussion of what we are going
to do about this, and it's worked pretty well.  My "recommendation" was
every time a server sees the exploit, it attempts to patch the server making
the attempt via the backdoor.  Not to circulate an antiworm.  Just a server
that runs some commands on the host and runs the fix, and reboots.  It's not
very feasible as there are huge ethical and legal conflicts with this.  I'm
really liking the PHP/CGI idea of mailing the sysadmin/netadmin a ton of
e-mails, as I think this is feasible.  Another thought, what if the script
could pull e-mail addresses off the hosts page if there was one existing, as
well as the sysadmin e-mail?  One problem here, ignore any @microsoft.com
email addresses that might exist on a default page.  I mean, that wouldn't
legally break the spam laws, because there is an unsubscribe method:  Patch
your machine.

Josh Ballard
oofle.com Linux Firewall Center
jballard at cloud.cc.ks.us

More information about the list mailing list