mailing list archives
Re: Sobig.f surprise attack today
From: Owen DeLong <owen () delong com>
Date: Thu, 28 Aug 2003 08:18:34 -0700
Again, I am not proposing a worm. Simply a cleaner that would neuter the
worm that connected. What I am proposing would _ONLY_ provide software
if the connecting client chose to execute it, would neuter the worm on the
connecting client that executed it. Nothing that would worm to other
computers from there. That's high risk.
Alternatively, perhaps we could, instead, publish an INFECTED SYSTEMS
based on such connections to a honeypot. Any system which made the correct
request could then have it's address published via BGP or DNS for ISPs and
the like to do as they wish.
Again, I don't propose or advocate actively tampering with other peoples
systems. However, if someone comes to my website and asks for executable
code, then executes it, I do not feel that it is my responsibility to
provide them code which will not alter the contents of their system.
I also don't feel it is my responsibility to determine if their request
came from a human authorized to use the computer or a worm.
--On Friday, August 22, 2003 4:54 PM -0700 Doug Barton
<DougB () dougbarton net> wrote:
On Fri, 22 Aug 2003, Owen DeLong wrote:
Sure, it won't happen in 30 minutes, but, I don't understand why this
wasn't started when F-Secure first noticed the situation.
I seriously doubt that most (any?) ISP would be willing to accept the
legal liability for altering anything on the computer of a third party
that just happened to connect to an IP in a netblock they are
responsible for. White worms are an elegant engineering concept, but
have little practical value (and huge risk) outside of networks that you
"You're walkin' the wire, pain and desire. Looking for love in between."
- The Eagles, "Victim of Love"
Re: Sobig.f surprise attack today Owen DeLong (Aug 22)
RE: Sobig.f surprise attack today Matthew Kaufman (Aug 22)
RE: Sobig.f surprise attack today Vachon, Scott (Aug 22)