[Dshield] SQLSnake

Jason Baker jbaker at filonet.ca
Tue Jul 9 19:59:17 GMT 2002


On July 9, 2002 12:03 pm, Jon R. Kibler wrote:
> To All:
>
> It amazes me how many times each day we are still getting hit with SQLsnake
> probes. Given the nature of this worm -- as I understand it, it exploits
> the lack of a password on a server admin account -- I would think that
> someone would have developed a 'snake killer' that would simply shut down
> the infected system. That is, the program would also take advantage of the
> lack of proper passwords to issue the command(s) to shut down the server.
>
> Is this indeed possible? (If not, what am I missing?) Has such a program
> been developed and from where is it available? Thanks!

This opens up the same legal can of worms that any "active countermeasures" 
will open - namely, you now are guilty of similar crimes to the original 
perpetrator, in that you have performed undesired and unapproved actions on 
anothers computer system.

That's why I don't run nimda-killers, I may not be hauled in on a computer 
tresspass charge, but best to just avoid the possibility.




More information about the list mailing list