Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Benign Worms
From: Valdis.Kletnieks () vt edu
Date: Sat, 14 May 2005 14:26:51 -0400

On Sat, 14 May 2005 10:50:18 PDT, Eric Paynter said:
On Sat, May 14, 2005 9:30 am, Valdis.Kletnieks () vt edu said:
Even if you *do* manage to code the worm correctly, all it takes is for
*one* person visiting your site to have plugged their laptop into the net,
and you're at least potentially screwed.

Hopefully as a minimum, one would code it to be limited to certain
subnets. That way, even if it does get the laptop, when the laptop goes
onto the Internet, it will not scan from the NIC with a public IP. It will
just go dormant.

No, I meant "visiting salecritter  plugs into your net, your worm accidentally
trashes his laptop ("Hey, all *MY* boxen are Win2000, how was *I* to know that it
would mess up an XP box?"), and said salescritter and employer take action about it.

And I posit that if your network is either small enough or run *that*
fascistly that you are ready to swear on a Bible in court,
under penalty of perjury, that you *know* everything that's connected to
it, then you don't need a worm to fix it.

Although I would still suggest that a worm is not the way to go. Put the
"hack and patch" functionality on a server and point the server at each
subnet you want to target. Much safer. Much easier to control.

Exactly.  Among other things, you don't have to worry that some user 3 generations
of worm down the way removes some file he doesn't recognize, causing the worm
to mutate.

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]