Security Incidents mailing list archives
RE: disinfection tool
From: Mark Ng <markn () markng co uk>
Date: Mon, 6 Aug 2001 13:19:52 +0100
Perhaps a very controversial viewpoint is using the backdoor installed by the copycat code red worm to patch these systems. The majority of sysadmins who by now haven't patched (or unmapped the script mappings from) their systems are mostly ignorant anyway. Perhaps a couple of honeypot systems built to automatically connect back, patch and reboot. The only issue that creates is the problem of transparent proxies. Not sure how you'd solve that one. This may eventually be the only way of actually getting rid of code red completely. If we live in a an ideal world, we'd eventually get the idiots to listen. However, I find that unlikely. Mark ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: disinfection tool Mark Ng (Aug 06)
- Re: disinfection tool Alfred Huger (Aug 06)
- RE: disinfection tool Ken Pfeil (Aug 06)
- Re: disinfection tool Homer Wilson Smith (Aug 06)
- Re: disinfection tool Ryan Russell (Aug 06)
- RE: disinfection tool Rob McCauley (Aug 06)
- Re: disinfection tool Alfred Huger (Aug 06)