[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: slapper countermeasures

Michael Renzmann écrivait :
> Hi all.
> How about the following idea: one could use the udp "command language" 
> that is implemented within the slapper worm to issue some commands for 
> self-deletion of the worm and informing the root user of every system 
> about how to close the hole. As far as I understood there is a network 
> between every infected server that uses communication over udp port 
> 2002. If we could set up a script that is able to inject the appropriate 
> commands to this network, that should shut down the whole network. It 
> could possibly pop up again, but as soon as one of the p2p-nodes is 
> known the complete new network should be accessible (if I understood the 
> scheme correctly).
> Opinions?

Same idea here this night! :)

I was thinking about the *good* way to do it...
May be something like this (root mail, some wait, virus self-kill):
  /bin/ls -la /tmp | /bin/mail -s "You have been infected by the Slapper worm" root
  /bin/sleep 300	# to wait for the propagation, some network are slow


Reply to: