
Re: FW: Careful. This is for information only.



Robert L. Harris wrote:

> 2 thoughts.  

If you want to call them that, okay.

Sorry, I'm getting mildly annoyed by the conversation at this point.
We seem to be dividing into two groups: those with a clue, and those
who neither have one nor seem able to catch one when it floats by.
By now, I think anyone who previously lacked a clue but was capable
of acquiring one has done so.

> 1)  Write a script that instead of shutting down the system
> applies a hot-fix or shuts the worm off, maybe a cron type, at job that
> removes the files the worm puts in place and then emails the admin
> with a "hey your box is hacked, fix it"...

How many messages have we had today proposing this or pointing out that
legally this is the same as the original worm? Unauthorized access is
unauthorized access.

And what's all this nonsense about mailing the admin or setting up a
cron job? Are you by chance thinking that Code Red runs on Unix? The
average Windows 2000 machine doesn't run a mail transport, especially
not the home cable/DSL systems that seem to be the biggest problem at
this point. You can complain to their ISP if you like. I think that's
already being done by various people.

> 2) My understanding is that this was made by some Chinese hacker
> ticked off about that spy plane garbage and is DDoS'ing
> whitehouse.gov.  Being that we don't seem to be getting much help
> shutting this down since v2 is now out, let's change DNS for a week
> and point Whitehouse.gov to china.gov or some such mess.

You not only haven't been reading this list very carefully, you also
haven't been reading the news. The attack on www.whitehouse.gov is by a
hard-coded (and now obsolete) IP address, not by DNS name. There is also
no proof at all that Code Red is of Chinese origin; the only indication
of that is the "Hacked by Chinese!" web page that hacked servers display
for a few hours after their initial infection. I don't know about you,
but if I were going to write something like Code Red, I would include
something like this as pure misdirection, to reduce the chance of
getting caught.

Craig
