Vulnerability Development mailing list archives
RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)
From: "t. patrick o'hara" <tpohara () bigfoot com>
Date: Thu, 6 Sep 2001 09:18:09 -0700
This discussion devides into two parts: Code Green type active scanners and CRClean type passive/response. Most of the "not on my box" group presume that all are bad. I agree that the active approach was not thought out. The author might have been better served to float the idea here before releasing the beta (he would have found out that CRClean was about to come out). Any ACTIVE scan IS an attack. But those of you who apply this to all responses must remember that in CRClean type response, YOUR BOX must be attacking me FIRST! Your rights have just gone out the window. Period. If you are such a good admin, you should already have caught the traffic and shut the dog down. Period. Especially true after EVERYONE in the security world knows there is a major problem. If your company has such lax control of it's boxes that they can attack me, then you need to have someone else come in and provide a serious security audit and policy upgrade. Stan got the point backwards, the mass of users who have no clue and no corporate admins to "guide" them are the victims of your hands off policy. Maybe none of you moonlight on boxes outside of your corporate worlds, but I do and the desire for an automatic fix is immense. Would I want someone ACTIVELY doing my personal network? No. But if I'm infected and someone responds to my attack by trying to fix it without hiding it, I welcome the help. Remember, the infection has to have already gotten past my defenses and I have somehow missed it. The person is at least trying to do me a favor. For those people who have no firewalls and think snort is something an animal does, a peer reviewed passive is the right answer. IMHO. T. Patrick O'Hara (contractor, client not disclosed per client's NDE)
Current thread:
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.), (continued)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Ron DuFresne (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) abel (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Gert-Jan Hagenaars (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 07)
- Message not available
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) .MetsyS. (Sep 06)
- AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Steinhart Alexander (Sep 05)
- Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 06)
- Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Patrick Patterson (Sep 07)
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) t. patrick o'hara (Sep 06)
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Ivan Dimitrov (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) abel (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) S (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) H D Moore (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 07)