[Dshield] Re: Dshield digest, Vol 1 #185 - 11 msgs

Jackie JackieJ at Syllables.com
Wed Aug 8 13:44:43 GMT 2001


Wouldn't it be in far better taste and safety to simply employ a popup
dispatched via the backdoor informing the human there of the problem
and how to fix it? We have to assume there's a human somewhere!

-- 
Best regards,

 Jackie                            mailto:JackieJ at Syllables.com
Wednesday, August 08, 2001, 1:06:22 AM, you wrote:

>>While in agreement with you on quashing the notion of the anti-worm, I'm
>>still pondering how such a thing would even work, technically.

JB> My recommendation wasn't an anti-worm, although it wasn't a real
JB> recommendation.  It was an attempt to start discussion of what we are going
JB> to do about this, and it's worked pretty well.  My "recommendation" was
JB> every time a server sees the exploit, it attempts to patch the server making
JB> the attempt via the backdoor.  Not to circulate an antiworm.  Just a server
JB> that runs some commands on the host and runs the fix, and reboots.  It's not
JB> very feasible as there are huge ethical and legal conflicts with this.  I'm
JB> really liking the PHP/CGI idea of mailing the sysadmin/netadmin a ton of
JB> e-mails, as I think this is feasible.  Another thought, what if the script
JB> could pull e-mail addresses off the host's page if there was one existing, as
JB> well as the sysadmin e-mail?  One problem here, ignore any @microsoft.com
JB> email addresses that might exist on a default page.  I mean, that wouldn't
JB> legally break the spam laws, because there is an unsubscribe method:  Patch
JB> your machine.

JB> Josh Ballard
JB> oofle.com Linux Firewall Center
JB> http://www.oofle.com/
JB> jballard at cloud.cc.ks.us
