Vulnerability Development mailing list archives

RE: Telnetd exploit for solaris


From: "Kinsey, Robert" <Robert.Kinsey () Veridian com>
Date: Fri, 7 Sep 2001 12:32:16 -0700

Forgive me my seeming ignorance but isn't the concept behind the Code Green
to only have it sent to confirmed infected systems?

Also, if you can determine (through whatever means) a box hitting your
network is infected, why not simply send the file/code to fix the problem to
whoever owns the box (not always easy to find).  This accomplishes two
things - 1) it gets the file to the infected site and 2) you are not guilty
of [essentially] doing the same thing as the original malicious code.

If any code came through my site and executed (first I would question my
site security) I would ID that file as a virus/worm (I think that's the
original definition, isn't it???).  Instead of taking your valuable time to
write a code to fix the problem, why not 1) take the box off-line, 2) bounce
the box (dumps the worm out of the cache), 3) INSTALL THE F#$%ING PATCH, and
4) restart the box.

As for the script-kiddies.  That's akin to thanking a burglar for breaking
into your home, showing you that your locks are weak - how's that for
logic???

<shrug>

my .02 worth...

