[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FW: Careful. This is for information only.

taking a cue from various posts on this subject, i tar'd up a *lot* of gnu 
software tars into one heck of large file. i put this in my webserver html 
section as default.ida, thinking, well, if the infected machine wants a file, 
give it to it! <g>

transferring hundreds of megabytes should get the attention of the culprit 
machine user!! <bg>

unfortunately, this malicious worm will disconnect if it starts uploading (it 
would appear). the error log file notes that the upload was disconnected. :(( 
on the other hand, maybe it filled a disk somewhere???

On Monday 06 August 2001 21:35, Karsten M. Self wrote:
> on Mon, Aug 06, 2001 at 10:54:10PM -0500, Nathan E Norman 
(nnorman@micromuse.com) wrote:
> > On Mon, Aug 06, 2001 at 10:24:04PM -0500, John Hasler wrote:
> > > Ian Perry writes:
> > > > You could, but wouldn't be better to alert then than shutting them
> > > > down...  there could be legal ramifications in lost income etc etc
> > > > for a public server.
> > >
> > > Making any use at all of the backdoor, even just to send the admin a
> > > message, is probably a crime under US law.
> >
> > When I worked for a cable ISP, we had a customer who thought it would
> > be cool to alert other people on the network about their security
> > problems by printing a message on their printers.  Some (clueless)
> > customers thought this was prelude to an attack and called the cops.
> >
> > I have to agree with John ... using a security hole in someone else's
> > server for good or evil is probably not a good idea legally.  I'd
> > advise against it.
> As noted on Slashdot, if you were to post a CR fix service installed at
> http://<yoursite>/default.ida, which would run a remote command on the
> connecting host, to de-worm and patch the offending box, who's
> culpability is it if your site is connected to and the patch is run?
> This is stretching the case a bit, but it's an interesting hypothetical.
> Frankly, I'm moderately convinced it's not a bad idea.  Not quite a
> Cheese Worm -- it doesn't actively hunt hosts -- but widely distributed,
> an effective antidote.
> Personally I favor the "Debian GNU/Linux install" service model
> myself....

allen wayne best
"your friendly neighborhood rambler owner"
"my rambler will go from 0 to 105"
Current date: 4:40:9::218:2001

The denunciation of the young is a necessary part of the hygiene of older
people, and greatly assists in the circulation of the blood.
		-- Logan Pearsall Smith

Reply to: