actually, I didn't mean just anyone doing it.. I meant preferably the writer
of the software in question, or people like Mandrake.... i.e. a trusted
authority...

Also, since they are already vulnerable... they are already in the worst
possible scenario....

maybe something similar but different then...

Say there are some servers somewhere, possibly M$, but not necessarily, and
these servers listen for scans from servers with the IIS Code Red exploit
that are scanning for other servers to infect...

The servers in question (possibly Microsoft's, or someone like SecurityFocus's)
would then patch the compromised IIS servers for them....

They were not attacking as such, they were responding to an attack... and if
we look at the last thread, the php script that shut down the server,
patching it is a much nicer alternative.... it doesn't take the server down,
and will stop the server's owner from having potentially much worse things
happen later.

I was initially thinking the other day that I should modify the php hack
that was posted to this list, so that it does a reverse DNS on the attacking
server's IP and then tries to make some (let's say 30 - 50) educated guesses as
to the sysadmin or other email addresses on the server... and send them
off....

They might ignore 1 email, and they might ignore 5 emails, but would they
ignore 50 emails? Or say, for example, the php script keeps sending emails
until a set time period has passed.... (say a total of 150 small txt
messages or something)

If the sysadmin still hasn't done anything about it, and the server is still
scanning mine, then it would be shut down via the exploit... I think that is
not only fair, it's considerate...

People still think they can just unpack a server, stick it up and forget
it.. (usually business people)

I still know of a company that has NT4 SBS4 servers with only service pack
3 and no updates on them....

I try to inform them, they think that it won't happen to them, and that they
would rather worry about it if it happens than beforehand...

That is wrong... and the only way to convince them it's wrong would be to do
something like I described...

Then they would realise that it is necessary to update as part of the cost
of the setup in the first place...

until then, there will always be heaps of exploits out there waiting for
someone to fall over them..

The question to ask yourself, for example: if you were running RedHat 6.2,
would you start and run the default Wu-ftp available to the internet???

I very much doubt it, but these people wouldn't know or care.


rgds

Frank
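As an added illustration (not part of Frank's message, and not the PHP script that was posted to the list), here is the defensive half of what the message above describes: spotting which hosts are hitting a web server with Code Red probes and preparing one notification per source, addressed to the standard abuse@ role mailbox derived from reverse DNS rather than to dozens of guessed addresses. The log lines are constructed in Apache combined format; the probe signature (a GET for /default.ida with a long padded query string) is the worm's well-known request. The "last two labels" rule for turning a hostname into a domain is a simplification that I am assuming is good enough here; a real tool would use the public-suffix list. The resolver is injectable so the code can be run offline.

```python
import re
import socket
from collections import defaultdict

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Sep/2001:10:01:12 +0800] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"
192.0.2.77 - - [16/Sep/2001:10:01:15 +0800] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276 "-" "-"
192.0.2.77 - - [16/Sep/2001:10:03:40 +0800] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276 "-" "-"
198.51.100.9 - - [16/Sep/2001:10:05:02 +0800] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276 "-" "-"
10.0.0.5 - - [16/Sep/2001:10:06:00 +0800] "GET /default.htm HTTP/1.0" 200 512 "-" "Mozilla/4.0"
"""

# Fields we need from a combined-format line: client IP, timestamp, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Code Red probes request /default.ida with a long run of N or X padding characters.
CODE_RED_RE = re.compile(r'^/default\.ida\?[NX]{20,}')


def parse_line(line):
    """Return the matched fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_code_red_sources(log_text):
    """Map each source IP that sent a Code Red probe to the timestamps of its probes."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and CODE_RED_RE.match(rec['path']):
            hits[rec['ip']].append(rec['ts'])
    return dict(hits)


def abuse_contact(ip, resolver=socket.gethostbyaddr):
    """Derive the abuse@ role address (RFC 2142) for an IP from its reverse DNS name.

    The resolver must behave like socket.gethostbyaddr: return (hostname, aliases, ips)
    or raise OSError when there is no PTR record.  Returns None when no contact can be built.
    """
    try:
        hostname = resolver(ip)[0]
    except OSError:
        return None
    labels = hostname.rstrip('.').split('.')
    if len(labels) < 2:
        return None
    # Assumption: the registrable domain is the last two labels (fails for e.g. co.uk).
    domain = '.'.join(labels[-2:])
    return f'abuse@{domain}'


def build_reports(log_text, resolver=socket.gethostbyaddr, min_hits=1):
    """Produce one notification record per probing source, suppressing sources below min_hits."""
    reports = []
    for ip, stamps in sorted(find_code_red_sources(log_text).items()):
        if len(stamps) < min_hits:
            continue
        reports.append({
            'ip': ip,
            'hits': len(stamps),
            'first_seen': stamps[0],
            'last_seen': stamps[-1],
            'contact': abuse_contact(ip, resolver),
        })
    return reports


if __name__ == '__main__':
    # Live reverse DNS is used when run directly; documentation addresses have no PTR, so contact is None.
    for r in build_reports(SAMPLE_LOG):
        print(f"{r['ip']}: {r['hits']} probe(s), {r['first_seen']} .. {r['last_seen']}, notify {r['contact']}")
```

One message per source, sent once and recorded, is what an abuse desk will actually read; the min_hits threshold keeps a single stray request from generating a complaint.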



-----Original Message-----
From: Michel Clasquin [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 16 September 2001 10:01 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [newbie] Idea for Open Source Developers..


On Sunday 16 September 2001 12:03, Franki wrote:

> Not that long ago, a worm was released on the net that looked for a hole in
> linux boxes... and fixed them if it found them..
>
> Why not do that with all remotely exploitable bugs??
>
<snip>
>
> one question, is writing worms that patch holes on linux servers illegal?
> I mean would I be classed as a blackhat for doing it???

I think this is an extraordinarily bad idea.

The way to fix a bug is to point it out to the development team and let them
deal with it, not to have all sorts of freelance "fixes" floating around the
net. If you want to be more active, join the team and fix the problem with
them.

What happens if your patch doesn't work in all circumstances, but still
alerts the script kiddies to the existence of the exploit?

What happens if two people write different patches, and put together they
cripple the application?

What happens if a real bad hat takes over your identity and writes a virus
disguised as one of your worms? With a friendly request to "please type in
your root password to apply the patch"?

Don't do this. Don't talk about it. Don't even THINK about it!

--
Michel Clasquin, D Litt et Phil (Unisa)
[EMAIL PROTECTED]/unisa.ac.za   http://www.geocities.com/clasqm
This message was posted from a Microsoft-free PC

"An intellectual is someone who has discovered something more
interesting than sex" - Aldous Huxley

