Security Incidents mailing list archives
Re: "Nimda"?
From: "Jay D. Dyson" <jdyson () treachery net>
Date: Wed, 27 Feb 2002 19:57:39 -0800 (PST)
On Thu, 28 Feb 2002, Greg Williamson wrote:

> Summary type email (like that in ARIS) is good, but for something that leaves an open door behind it (such as Code Red) it can be better to use that back-door to your advantage. With CodeRed, I cobbled together an automated response that notified the netblock administrator, but also used the root.exe hole to put a WinPopup box on the infected machine. That was fairly effective.

There's a reference to that in the EB FAQ. The problem with that approach is that -- here in the States -- that sort of thing could be construed as tampering with a crime scene.

Mr. Woods' major problem with EB is that he doesn't understand how it works. He claims that such services should only send out one notice per day per IP. EB does that. In fact, it's even covered in the FAQ. If Mr. Woods bothered to RTFM, he'd understand that.

-Jay

"There's always time for a good cup of coffee"
Jay D. Dyson -- jdyson () treachery net
`The armed are citizens. The unarmed are subjects.'

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com