Re: FW: Careful. This is for information only.
Hi,
1. You still run into the ethics question of whether you
should be tampering with other people's boxes yourself,
even with good intentions. Even if it's just to run a
script.
2a. We don't KNOW that it was Chinese in origin. Sure, the
defacement script reads "Hacked by Chinese," but anyone
could have written that just to frame them. I've even
heard theories that the worm was created by the CIA....
2b. The DDoS target is actually a hardcoded IP address,
not "www.whitehouse.gov" so there's no DNS involved. That
IP address used to be the White House's, but they've long
since gotten that changed!
Y.Kelly
-----Original Message-----
From: Robert L. Harris Robert.L.Harris@rdlg.net
Sent: Wed, 8 Aug 2001 11:35:16 -0600
To: debian-user@lists.debian.org
Subject: Re: FW: Careful. This is for information only.
2 thoughts.
1) Write a script that instead of shutting down the system
applies a hot-fix or shuts the wurm off, maybe a cron type,
at job that
removes the files the wurm puts in place and then emails
the admin
with a "hey your box is hacked, fix it"...
2) My understanding is that this was made by some chineese
hacker
ticked off about that spy plane garbage and is DDOS'ing
whitehouse.gove. Being that we don't seem to be getting
much help
shutting this down since v2 is now out, lets change DNS for
a week
and point Whitehouse.gov to china.gov or some such mess.
Thus spake Nathan E Norman (nnorman@micromuse.com):
> On Wed, Aug 08, 2001 at 08:36:53AM +0200, Sebastiaan
wrote:
> > How about this? [ "white" worm ]
>
> You're missing the point.
>
> No one here is saying you would be a bad person if you
{shut
> off/nuked/notified} a remote site that is already
affected with the
> worm du jour.
>
> What I'm trying to say (and John Hasler as well if I may
be
> presumptuous) is that given the current state of affairs
legally, you
> would be _unwise_ to set up your system in such a way
that it did
> something to another machine via some back door
mechanism, even if
> what you did was clearly beneficial.
>
> Many are saying "but that's stupid, it's sad that we
can't help".
> You are absolutely correct. The Internet was supposed to
be about
> cooperation ... as far as I can see it's mostly a
playground for
> idiots and control freaks.
>
> If you want to figure out how to "stop" code red, go
right ahead!
> However, don't be surprised when some moron calls you and
wants to
> know why you've "hacked" his system. You can't share
wisdom with
> fools, unfortunately.
>
> Cheers,
>
> --
> Nathan Norman - Staff Engineer | A good plan today is
better
> Micromuse Ltd. | than a perfect plan
tomorrow.
> mailto:nnorman@micromuse.com | -- Patton
:wq!
------------------------------------------------------------
---------------
Robert L. Harris | Micros~1 :
Senior System Engineer | For when quality,
reliability
at RnD Consulting | and security just
aren't
\_ that important!
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
FYI:
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-
2),oct(115),10);'
--
To UNSUBSCRIBE, email to debian-user-
request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
___________________________________________________________________________
Visit http://www.visto.com.
Find out how companies are linking mobile users to the
enterprise with Visto.
Reply to: