Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Benign Worms
From: Valdis.Kletnieks () vt edu
Date: Fri, 13 May 2005 12:26:00 -0400

On Fri, 13 May 2005 11:13:03 CDT, k k said:

There is debate surrounding whether releasing benign worms such as Nachi or 
Welcha, in general is ethical or not.  But network administrators can still 
create benign worms for their need (not necessarily Nachi or Welcha) and 
release them in their domain to patch systems.

1. Do people do that?  Or at least, have you considered it?

I doubt anybody seriously considers it

3. If not, what prevents you from doing that?

There's 3 basic setups:

1) You don't have a lot of machines.  You don't *need* a worm to update 5 or 10
boxes, just walk to each and do it.

2) You have a lot of machines that aren't under your direct administrative control
(for example, an ISP or a university).  You can't deploy a worm, because those
boxes aren't yours to screw around with - worming them could get you arrested
for hacking and/or end up liable for any damages caused if a machine glitches
during the patch.

3) You have a lot of machines under your control that you need to update.
You don't need a worm - there's plenty of tools like "Push an update via
an AD policy" and so on, and you should be using those.

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]