Security Incidents mailing list archives
Re: Want to write a disinfection tool?
From: "L. Christopher Paul" <lcp () bofh sh>
Date: Sun, 05 Aug 2001 22:24:11 -0400
One question ... Mighten this lead to a false sense of security?With the CRv1 or CRv2 I can see this as being appropriate, but with CRII creating backdoors and then broadcasting the vulnerability, the incidence of compromises beyond the initial worm infestation is incredibly high.
By automating a 'fix', and not rebuilding the box, there is no guarantee that the box is safe to be re-connected to the network; only that the worm is gone and that it can't be re-infected.
If such a tool is built (which isn't all bad), it needs to be shipped with a big 'ole warning to that effect.
--lcp At 07:11 PM 8/5/2001 -0600, you wrote:
Anyone on the list that is a VBScript programmer that wants to write a disinfection tool for Code Red II? The scripts would need to:
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Want to write a disinfection tool? aleph1 (Aug 05)
- Re: Want to write a disinfection tool? L. Christopher Paul (Aug 05)
- Re: Want to write a disinfection tool? aleph1 (Aug 05)
- Re: Want to write a disinfection tool? L. Christopher Paul (Aug 05)