Date: Sun, 23 Sep 2001 13:58:05 +0400 (MSD)
From: ark@eltex.ru
To: danderse@cs.utah.edu (David G Andersen)
Cc: chris@JEAH.net (Chris Byrnes), security@FreeBSD.ORG
Subject: Re: New worm protection
Message-ID: <200109230958.NAA29845@paranoid.eltex.ru>
In-Reply-To: <200109230836.f8N8akx29012@faith.cs.utah.edu> from "David G Andersen" at Sep 23, 2001 02:36:46 AM

nuqneH,

Is there a way to send a command to the worm to shut it (or just a machine)
down? I remember Code Red installed some kind of backdoor that allowed
remote control without trying the whole bunch of exploits, does NIMDA have
such a 'feature'?

YOU (David G Andersen) WROTE:
>
> NIMDA doesn't hang out for very long waiting for a response
> to the script headers, so a labrea-tarpit like approach won't
> actually be particularly effective. The sleep(5) will slow
> it down a little bit, and the exit(0) will make it
> return with no data sent back, not even a 404. Which
> will help a bit on the outbound bandwidth, but, of course
> won't help on the inbound. Others have posted scripts to
> NANOG (see http://www.nanog.org/ and check the archive)
> that will automatically trigger ipfw / ipchains additions,
> but, as always, be particularly careful with those.

--
CU in Hell
/Arkan#iD
Do i believe in Bible? Hell,man,i've seen one!