[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] msblast DDos counter measures - a new worm to fix the problem

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] msblast DDos counter measures - a new worm to fix the problem
From: "Daniel Rudolph" <lists@daniel-rudolph.de>
Date: Fri, 15 Aug 2003 15:20:12 +0200

Hi,

i have an (maybe) new idea that worth discussing.

What about writing a new worm based on the well know exploit - this worm
should do something like:

- disinfect the machine from the know variants of msblast
- install the patch or at least inform the user that he should to that
- spread out like every worm does ;-)

The worm should stop spreading and delete itself if he cant effect new
systems.
Maybe if 95% of his attacks failed on an open 135 port. Or 100% of the last
X machine he attacked wasn’t reachable on that port.


I don’t think I have all the needed skills to make that really work like it
should. Also im not sure if that really is an solution or just an other
stupid idea. Tanks for your ideas about that.


Cya
Daniel

PS: greetings to Kristian M. who brought that idea into my mind but don’t
wanted to post here


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] msblast DDos counter measures - a new worm tofix the problem
  - From: Paul Schmehl <pauls@utdallas.edu>

References:
- Re: [Full-Disclosure] msblast DDos counter measures (More Insight Maybe?)
  - From: "Chris Garrett" <somatose@cox.net>

Prev by Date: RE: [Full-Disclosure] MS should point windowsupdate.com to 127.0.0.1
Next by Date: Re: [Full-Disclosure] msblast DDos counter measures (More Insight Maybe?)
Prev by thread: Re: [Full-Disclosure] msblast DDos counter measures (More Insight Maybe?)
Next by thread: Re: [Full-Disclosure] msblast DDos counter measures - a new worm tofix the problem
Index(es):
- Date
- Thread