Home page logo
/

nanog logo nanog mailing list archives

Re: Sobig.f surprise attack today
From: Owen DeLong <owen () delong com>
Date: Fri, 22 Aug 2003 11:27:52 -0700


OK... Maybe I'm smoking crack here, but, if they have the list of 20 machines,
wouldn't it make more sense to replace them with honey-pots that download
code to remove SOBIG instead of just disabling them?

Let's use the virus against itself. At this point, I think that's a legitimate
countermeasure.

Owen


--On Friday, August 22, 2003 11:01 AM -0700 Jim Dawson <jdawson () navi net> wrote:


F-Secure Corporation is warning about a new level of attack to be
unleashed by the Sobig.F worm today. Supposed to take place at 1900 UTC.

http://www.f-secure.com/news/items/news_2003082200.shtml

Jim
--

See what ISP-Planet is saying about us!
http://isp-planet.com/services/wholesalers/flexpop.html
  __________________________________________________________________
  Jim Dawson                                     jdawson () flexpop net
  Flexpop/Navi.Net                            http://www.flexpop.net
  618 NW Glisan St. Ste. 101                      v. +1.503.517.8866
  Portland, Or  97209 USA                         f. +1.503.517.8868
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault