I'm going to have to agree.

-----Original Message-----
From: Markus Kern [mailto:markus-kernat_private]
Sent: Thursday, September 06, 2001 7:16 AM
To: Alexander Sarras (SEA)
Cc: vuln-devat_private
Subject: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

"Alexander Sarras (SEA)" wrote:
>
> It might be discussable installing a - easily uninstallable - routine
> which sends emails and (broadcast) messages to admin account
> accessible from the infected box, stating very clearly what to do 1)
> to get rid of the worm 2) to get rid of that utility afterwards. But
> surely not another virus.
>
> The only correct way IMHO is to shut off the access to the networks
> for offenders. Via the direct ISP or the upstreams. This has been
> done before, and this works.

Ron DuFresne's <dufresneat_private> post indicates that this method
doesn't always work as well as we'd like it to. Personally I prefer a
technical solution to begging and court orders.
http://www.technocracyinc.org/images/cbusses.jpg illustrates my point
quite accurately.

Markus Kern
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 14:50:31 PDT