Vulnerability Development mailing list archives
Re: Publishing Nimda Logs
From: Clinton Smith <security () infosecwest com>
Date: Thu, 09 May 2002 08:22:25 +0800
brossini () csc com au wrote:
I agree, these machines NEED to be cleaned and secured, OR removed from the network.
In a perfect world Microsoft, Apache etc. could include a feature in their webservers that (via the exploit) produced a "net send" command to be run on the infected system telling them to patch up.

e.g. the infected system requests a dodgy URL, e.g.:

    GET /scripts/root.exe?/c+dir

The system then responds by requesting a net send command to the Administrator. (It might even be possible to do it via a URL rewriting/redirection rule.)

No - this will not fix all of the problems.
Yes - it is probably illegal - or at the least very grey.

An alternative to the above and to public disclosure of infected systems would be to log to a communal CGI / database at Microsoft - as it is they who have gifted the world with this issue. After the addresses have been collected, let them take an active role in eradicating this menace.

Something like... (for Apache)

    <Location /scripts/root.exe*>
        Deny from all
        ErrorDocument 403 http://abuse.microsoft.com/iis_abuse_log.cgi
    </Location>

I look at this problem as the computer equivalent of smallpox - without cooperation and some big backers, there is little hope of defeating it in sporadic and isolated attempts.

Clinton
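Collecting the affected addresses starts with the web server's own access log. The following is an added example, not part of the original post: it scans Common Log Format lines for the request shape quoted in the message (root.exe with a /c+ query) and summarises hits per source address. The log lines, addresses and function name are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')

# Request shape quoted in the post: root.exe with a "/c+<command>" query.
# Case-insensitive because IIS paths are; any directory prefix is accepted.
PROBE = re.compile(r'/root\.exe\?/c\+', re.IGNORECASE)

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = '''\
192.0.2.10 - - [09/May/2002:08:01:12 +0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 403 287
203.0.113.5 - - [09/May/2002:08:01:30 +0800] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [09/May/2002:08:01:13 +0800] "GET /scripts/ROOT.EXE?/c+dir HTTP/1.0" 403 287
198.51.100.23 - - [09/May/2002:08:02:41 +0800] "GET /scripts/root%2Eexe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [09/May/2002:08:03:00 +0800] "-" 408 -
203.0.113.5 - - [09/May/2002:08:04:02 +0800] "GET /downloads/root.exe HTTP/1.0" 200 5120
'''

def summarize_probes(lines):
    """Return {source_host: {hits, first, last, statuses}} for probe requests."""
    hosts = {}
    for line in lines:
        m = CLF.match(line)
        if not m:                      # malformed or empty request line: skip
            continue
        host, when, target, status = m.groups()
        # Percent-decode first so an encoded ".exe" does not slip past the match.
        if not PROBE.search(unquote(target)):
            continue
        rec = hosts.setdefault(
            host, {"hits": 0, "first": when, "last": when, "statuses": set()})
        rec["hits"] += 1
        rec["last"] = when             # log is in time order, so last seen wins
        rec["statuses"].add(int(status))
    return hosts

if __name__ == "__main__":
    for host, rec in summarize_probes(SAMPLE_LOG.splitlines()).items():
        print(host, rec["hits"], rec["first"], rec["last"], sorted(rec["statuses"]))
```

A plain download of a file named root.exe, with no /c+ query, is not counted, so the summary lists only hosts that sent the probe itself.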