Vulnerability Development mailing list archives
RE: Telnetd exploit for solaris
From: "Kinsey, Robert" <Robert.Kinsey () Veridian com>
Date: Fri, 7 Sep 2001 12:32:16 -0700
Forgive me my seeming ignorance but isn't the concept behind the code green to only have it sent to confirmed infected systems? Also, if you can determine (through whatever means) a box hitting your network is infected, why not simply send the file/code to fix the problem to whomever owns the box (not always easy to find). This accomplishes two things - 1) it gets the file to the infected site and 2) you are not guilty of [essentially] doing the same thing as the original malicious code. If any code came through my site and executed (first I would question my site security) I would ID that file as a virus/worm (I think that's the original definition, isn't it???). Instead of taking your valuable time to write a code to fix the problem, why not 1) take the box off-line, 2) bounce the box (dumps the worm out of the cache), 3) INSTALL THE F#$%ING PATCH, and 4) restart the box. As for the script-kiddies. That's akin to thanking a burglar for breaking into your home, showing you that your locks are weak - how's that for logic??? <shrug> my .02 worth...
Current thread:
- Re: Telnetd exploit for solaris, (continued)
- Re: Telnetd exploit for solaris Gerard Palma (Sep 07)
- Re: Telnetd exploit for solaris Big Woz (Sep 07)
- Re: Telnetd exploit for solaris Gnuthad (Sep 08)
- Re: Telnetd exploit for solaris fintler (Sep 06)
- Re: Telnetd exploit for solaris Marc Soda (Sep 07)
- RE: Telnetd exploit for solaris Oliver Petruzel (Sep 07)