Full Disclosure mailing list archives

msblast DDos counter measures - a new worm to fix the problem


From: "Daniel Rudolph" <lists () daniel-rudolph de>
Date: Fri, 15 Aug 2003 15:20:12 +0200

Hi,

I have a (maybe) new idea that is worth discussing.

What about writing a new worm based on the well-known exploit - this worm
should do something like:

- disinfect the machine from the known variants of msblast
- install the patch or at least inform the user that he should do that
- spread out like every worm does ;-)

The worm should stop spreading and delete itself if it can't affect new
systems.
Maybe if 95% of its attacks failed on an open 135 port. Or 100% of the last
X machines it attacked weren't reachable on that port.


I don't think I have all the needed skills to make that really work like it
should. Also I'm not sure if that really is a solution or just another
stupid idea. Thanks for your ideas about that.


Cya
Daniel

PS: greetings to Kristian M. who brought that idea into my mind but didn't
want to post here


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

