[Dshield] Re: Dshield digest, Vol 1 #188 - 11 msgs

Dustin Decker dustind at moon-lite.com
Wed Aug 8 14:00:53 GMT 2001


Chris A. Johnson wrote:
[snip]
> The real-world analogy is that someone pokes you so you slap them.  Fast
> and with a sting, but with no possibility of permanent damage.

Well, I can tell you this much... try this in the real world and one of a
number of outcomes are possible.  The dude that poked you might not slap
back, but instead beat the ever living shit out of you.  Or he could do
the civil thing, and have you arrested for assault and/or battery.
Depending upon the state you live in, this could cost you between one and
two thousand dollars in legal fees, and leave you in some batterers
intervention program on probation for six months to a year.  IINAL, but I
speak from experience - this advice is just plain wrong.

> I've been trying to use the scripts/root.exe? exploit to shutdown the
> IIS service using iisreset, but the IIS service by default doesn't had
> enough privileges to run that program.  Perhaps someone else can
> workout a quick, fail-safe way of disabling infected machines without
> having to spend too long in there, and without running the risk of any
> damage.
Chris - You have as best I read it, openly admited on a public mailing
list that you have been attempting to use the scripts/root.exe? exploit...
let's hope you're doing this to your own machines, in a test environment.
You never know who's subscribed to a list like this, but the FBI comes to
mind pretty quick.  (You even left ample contact information for them to
use in hunting you down, if that's their game plan this week.)

Folks, I cannot stress it enough.  Hell, I'll even beg you if I have to,
please don't run off crossing these lines this way.  We're all relatively
intelligent "hackers", and we aught to know better than to add fuel to the
fire.  What if someone from the press starts using transcripts of this
mailing list?  Ever thought of that?  We get all bent out of shape about
our good little word "hacker" being used vice the appropriate "cracker",
and yet here we are in many cases actually considering a course of action
born of cracker mentality.

Yes - you can go learn lots of kung-fu, and when the man on the street
pulls a gun on you, you can take it away from him and kill him with it.
But I expect that by the time you have accrued the skills to do so, you
will also have come to understand that better than using your attackers
weapon against him, is the opportunity to render it useless.  Of what
value are his bullets if you aren't standing there when they arrive?

There are better ways... I may not have them, but search dammit!  They're
out there!
Dustin

-- 
"The assertion that 'all men are created equal' was of no practical use in
effecting our separation from Great Britain and it was placed in the
Declaration not for that, but for future use." -- Abraham Lincoln




More information about the list mailing list