At 10:09 AM 5/8/2002, Jonathan Bloomquist wrote:
>I lean more to the side of shaming the admins into
>fixing them than ignoring them. However, sending a
>message is one thing, but actually patching their box
>is going a bit too far for me even if it is to help
>them. Warn 'em, shame 'em, scream at 'em, and mail
>bomb their ISP until they take action, but make each
>site patch themselves.
>
>"If we kill 'em they won't learn nuthin'."

Great quote...

Just so as everyone knows, I was not saying that you advocated a reverse-patch... I was just pointing out use of the root.exe (I know- just the mention of that file in text will cause me to receive many "You are infected!" auto-responders) was cool- from a technical standpoint. Someone in another post actually brought up patching the box, and I was running with it.

Here is what I want to do- Discussing the theory and legality and all that is fine, but does not really get us anywhere. I am willing to dedicate time to this to experiment if there is someone out there with the technical expertise to pull it off. I'll even host it on hammerofgod.com to test it in the wild.

The first thing to do is to determine exactly what is necessary to patch the system, or if an actual "patch" is even necessary. I wrote a little app called Mutex (in the downloads section of www.hammerofgod.com) that loads a named mutex that prevents Nimda from running.- something like that would be an easy place to start.

I know many of you are vehemently opposed to any sort of action like this, but we're talking 5 billion attempts per day, and something has to be done about it. Let's get a working model on the table, prove it works, and then see what happens.

AD