From owner-freebsd-security  Sun Sep 23  8: 0:43 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pkl.net (spoon.pkl.net [212.111.57.14])
	by hub.freebsd.org (Postfix) with ESMTP id E310237B409
	for <security@FreeBSD.ORG>; Sun, 23 Sep 2001 08:00:40 -0700 (PDT)
Received: from localhost (rik@localhost)
	by pkl.net (8.9.3/8.9.3) with ESMTP id QAA00998
	for <security@FreeBSD.ORG>; Sun, 23 Sep 2001 16:00:40 +0100
Date: Sun, 23 Sep 2001 16:00:40 +0100 (BST)
From: freebsd-security@rikrose.net
X-Sender: rik@pkl.net
To: security@FreeBSD.ORG
Subject: Re: New worm protection
In-Reply-To: <200109230958.NAA29845@paranoid.eltex.ru>
Message-ID: <Pine.LNX.4.21.0109231558440.900-100000@pkl.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sun, 23 Sep 2001 ark@eltex.ru wrote:
> Is there a way to send a command to worm to shut it (or just a machine) down?
> I remember Code Red installed some kind of backdoor that allowed remote control
> without trying the whole bunch of exploits, does NIMDA have such a 'feature'?

Allegedly, yes, it installs a passwordless admin account. There is
information "out there", aparently, although, I haven't been bothered to
look it up, so I may be wrong.

--
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C  3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message