Re: FW: Careful. This is for information only.
taking a cue from various posts on this subject, i tar'd up a *lot* of gnu
software tars into one heck of large file. i put this in my webserver html
section as default.ida, thinking, well, if the infected machine wants a file,
give it to it! <g>
transferring hundreds of megabytes should get the attention of the culprit
machine user!! <bg>
unfortunately, this malicious worm will disconnect if it starts uploading (it
would appear). the error log file notes that the upload was disconnected. :((
on the other hand, maybe it filled a disk somewhere???
On Monday 06 August 2001 21:35, Karsten M. Self wrote:
> on Mon, Aug 06, 2001 at 10:54:10PM -0500, Nathan E Norman
> > On Mon, Aug 06, 2001 at 10:24:04PM -0500, John Hasler wrote:
> > > Ian Perry writes:
> > > > You could, but wouldn't be better to alert then than shutting them
> > > > down... there could be legal ramifications in lost income etc etc
> > > > for a public server.
> > >
> > > Making any use at all of the backdoor, even just to send the admin a
> > > message, is probably a crime under US law.
> > When I worked for a cable ISP, we had a customer who thought it would
> > be cool to alert other people on the network about their security
> > problems by printing a message on their printers. Some (clueless)
> > customers thought this was prelude to an attack and called the cops.
> > I have to agree with John ... using a security hole in someone else's
> > server for good or evil is probably not a good idea legally. I'd
> > advise against it.
> As noted on Slashdot, if you were to post a CR fix service installed at
> http://<yoursite>/default.ida, which would run a remote command on the
> connecting host, to de-worm and patch the offending box, who's
> culpability is it if your site is connected to and the patch is run?
> This is stretching the case a bit, but it's an interesting hypothetical.
> Frankly, I'm moderately convinced it's not a bad idea. Not quite a
> Cheese Worm -- it doesn't actively hunt hosts -- but widely distributed,
> an effective antidote.
> Personally I favor the "Debian GNU/Linux install" service model
allen wayne best
"your friendly neighborhood rambler owner"
"my rambler will go from 0 to 105"
Current date: 4:40:9::218:2001
The denunciation of the young is a necessary part of the hygiene of older
people, and greatly assists in the circulation of the blood.
-- Logan Pearsall Smith