Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: Steinhart Alexander (Steinhartat_private)
Date: Fri Sep 07 2001 - 03:25:48 PDT


    If thousands or new servers still participate in November in the network
    and attack and CRclean finishes, it's not very good. It should stop
    first if it hardly still finds which with it scans; therefore the
    percentage under one certain level falls...
    
    regards,
    Alexander 
    
    ----------------
    www.buhaboard.de
    
    -----Original Message-----
    From: Markus Kern [mailto:markus-kernat_private] 
    Sent: Thursday, 6 September 2001 20:24
    To: Steinhart Alexander
    Cc: vuln-devat_private
    Subject: Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)
    
    
    
    Steinhart Alexander wrote:
    > 
    > >Clever tool with immoral, unethical and possibly illegal use.
    > I would not like to discuss here the moral... It's question of the
    > time and a (Anti)Worm is free, but I don't hope this a Scriptkiddy who
    > set a beta version into the world...
    > 
    > My question, whether it participates meaningful one antiworm, to let
    > stop at a certain time and not with a certain percentage (I hope 
    > millionth... part) of found servers to "patch"?
    
    I don't know if I've fully understood you but I think you're asking if
    it wouldn't be better to make an anti-worm stop after a certain
    percentage of hosts have been patched than after a certain time has
    passed.
    
    Assuming that the malicious worm is scanning the net randomly the
    anti-worm could monitor the frequency of intrusion attempts and shut
    itself down if the rate falls below a certain threshold.
    
    An interesting idea I didn't think of when coding CRclean.
    
    regards,
    Markus Kern
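
The stop condition discussed in the quoted reply (stand down once the rate of intrusion attempts falls below a threshold), as an added example that is not part of the original messages or of CRclean. It measures the rate from a web server log; the log layout, the `/default.ida` probe path, the function names, the threshold and the three-quiet-windows rule are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample log (fields: date time c-ip cs-method cs-uri-stem sc-status).
SAMPLE_LOG = """\
2001-09-06 20:00:00 192.0.2.10 GET /default.ida 200
2001-09-06 20:00:10 192.0.2.44 GET /default.ida 200
2001-09-06 20:00:20 198.51.100.7 GET /default.ida 200
2001-09-06 20:00:40 203.0.113.9 GET /default.ida 200
2001-09-06 20:01:05 192.0.2.81 GET /default.ida 200
2001-09-06 20:01:30 198.51.100.23 GET /default.ida 200
2001-09-06 20:01:50 203.0.113.60 GET /default.ida 200
2001-09-06 20:02:15 192.0.2.200 GET /index.html 200
2001-09-06 20:02:40 198.51.100.5 GET /default.ida 200
2001-09-06 20:03:20 192.0.2.200 GET /index.html 200
2001-09-06 20:04:10 203.0.113.77 GET /default.ida 200
2001-09-06 20:04:50 192.0.2.200 GET /index.html 200
""".splitlines()

PROBE_STEM = "/default.ida"  # assumption: path requested by Code Red probes


def probes_per_window(lines, window_s=60):
    """Probe counts per fixed window; windows without probes count as 0."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6 or line.startswith("#"):
            continue  # skip header and malformed lines
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        events.append((ts, parts[4].lower() == PROBE_STEM))
    if not events:
        return []
    start = min(ts for ts, _ in events)
    last = max(int((ts - start).total_seconds()) // window_s for ts, _ in events)
    hits = Counter(int((ts - start).total_seconds()) // window_s
                   for ts, is_probe in events if is_probe)
    return [hits.get(i, 0) for i in range(last + 1)]


def should_stop(counts, threshold, quiet_windows=3):
    """True only when the last `quiet_windows` windows are all below threshold."""
    if len(counts) < quiet_windows:
        return False
    return all(c < threshold for c in counts[-quiet_windows:])
```

Requiring several consecutive quiet windows keeps a momentary lull in random scanning from being read as the end of the outbreak.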
    



    This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 10:46:35 PDT