Perhaps a very controversial viewpoint is using the backdoor installed by the copycat code red worm to patch these systems. The majority of sysadmins who by now haven't patched (or unmapped the script mappings from) their systems are mostly ignorant anyway. Perhaps a couple of honeypot systems built to automatically connect back, patch and reboot. The only issue that creates is the problem of transparent proxies. Not sure how you'd solve that one. This may eventually be the only way of actually getting rid of code red completely. If we live in a an ideal world, we'd eventually get the idiots to listen. However, I find that unlikely. Mark ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 11:40:04 PDT