Vulnerability Development: Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: Patrick Patterson <ppatterson_at_carillonis.com>
Date: Fri, 7 Sep 2001 09:06:50 -0400

On September 6, 2001 02:24 pm, Markus Kern wrote:
> Steinhart Alexander wrote:
> > >Clever tool with immoral, unethical and possibly illegal use.
> >
> > I would not like to discuss here the moral... It's question of the time
> > and a (Anti)Worm is free, but I don't hope this a Scriptkiddy who set a
> > beta version into the world...
> >
> > My question, whether it participates meaningful one antiworm, to let
> > stop at a certain time and not with a certain percentage (I hope
> > millionth... part) of found servers to "patch"?
>
> I don't know if I've fully understood you but I think you're asking if it
> wouldn't be better to make an anti-worm stop after a certain percentage
> of hosts have been patched than after a certain time has passed.
>
> Assuming that the malicious worm is scanning the net randomly the anti-worm
> could monitor the frequency of intrusion attempts and shut itself down if
> the rate falls below a certain threshold.
>

In cases where we have some pretty good statistics about the propagation and
saturation of a given worm, if you were going to write such a worm (and I'll
leave that debate to others more versed in ethics and law than myself),
wouldn't it be the best idea to have it shut down (permanently) at
SATURATION_TIME(target_worm)+a short time - so in this case, CodeGreen should
have been programmed to shut down no more than 6 days after infecting a box.

- --

Patrick Patterson Tel: (514) 485-0789
Chief Security Architect Fax: (514) 485-4737
Carillon Information Security Inc. E-Mail: ppatterson_at_carillonIS.com
- -----------------------------------------------------------------------
                The New Sound of Network Security
                     http://www.carillonIS.com

Received on Sep 07 2001
