Security Incidents mailing list archives

RE: disinfection tool


From: Mark Ng <markn () markng co uk>
Date: Mon, 6 Aug 2001 13:19:52 +0100

Perhaps a very controversial viewpoint is using the backdoor installed by the 
copycat code red worm to patch these systems.  The majority of sysadmins who 
by now haven't patched (or unmapped the script mappings from) their systems 
are mostly ignorant anyway.  Perhaps a couple of honeypot systems built to 
automatically connect back, patch and reboot.

The only issue that creates is the problem of transparent proxies.  Not sure 
how you'd solve that one.

This may eventually be the only way of actually getting rid of code red 
completely.  If we lived in an ideal world, we'd eventually get the idiots 
to listen.  However, I find that unlikely.

Mark
