slapper countermeasures
Hi all.
How about the following idea: one could use the UDP "command language"
that is implemented within the Slapper worm to issue some commands for
self-deletion of the worm and informing the root user of every system
about how to close the hole. As far as I understood, there is a network
between every infected server that uses communication over UDP port
2002. If we could set up a script that is able to inject the appropriate
commands into this network, that should shut down the whole network. It
could possibly pop up again, but as soon as one of the P2P nodes is
known, the complete new network should be accessible (if I understood the
scheme correctly).
Opinions?
Bye, Mike