Slapper countermeasures

Hi all.

How about the following idea: one could use the UDP "command language" that is implemented within the Slapper worm to issue some commands for self-deletion of the worm and for informing the root user of every system about how to close the hole. As far as I understood, there is a network between every infected server that uses communication over UDP port 2002. If we could set up a script that is able to inject the appropriate commands into this network, that should shut down the whole network. It could possibly pop up again, but as soon as one of the P2P nodes is known, the complete new network should be accessible (if I understood the scheme correctly).


