slapper countermeasures

To: debian-security@lists.debian.org
Subject: slapper countermeasures
From: Michael Renzmann <mrenzmann@dylanic.de>
Date: Tue, 17 Sep 2002 20:34:55 +0200
Message-id: <[🔎] 3D8775CF.70200@dylanic.de>

Hi all.

How about the following idea: one could use the udp "command language"that is implemented within the slapper worm to issue some commands forself-deletion of the worm and informing the root user of every systemabout how to close the hole. As far as I understood there is a networkbetween every infected server that uses communication over udp port2002. If we could set up a script that is able to inject the appropriatecommands to this network, that should shut down the whole network. Itcould possibly pop up again, but as soon as one of the p2p-nodes isknown the complete new network should be accessible (if I understood thescheme correctly).


Opinions?

Bye, Mike

Reply to:

Follow-Ups:
- Re: slapper countermeasures
  - From: Jean Christophe ANDRÃ? <jean-christophe.andre@auf.org>
- Re: slapper countermeasures
  - From: Ralf Dreibrodt <rd@mesos.de>
- Re: slapper countermeasures
  - From: Ralf Dreibrodt <rd@mesos.de>

Prev by Date: Re: Woody Samba Bug or Hacked?
Next by Date: Re: slapper countermeasures
Previous by thread: Re: Woody Samba Bug or Hacked?
Next by thread: Re: slapper countermeasures
Index(es):
- Date
- Thread