[55307] in North American Network Operators' Group

Re: Anybody doing a "Code Green" for 1434?

daemon@ATHENA.MIT.EDU (Brian Wallingford)
Mon Jan 27 01:50:56 2003

Date: Mon, 27 Jan 2003 01:42:00 -0500 (EST)
From: Brian Wallingford <brian@meganet.net>
To: "Stewart, William C (Bill), SALES" <billstewart@att.com>
Cc: nanog@trapdoor.merit.edu
In-Reply-To: <1BEAD1ECDAF2EB4B865404186363827F084DB4C4@ocsrs03.ugd.att.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Mon, 27 Jan 2003, Stewart, William C (Bill), SALES wrote:

:
:Back when the Code Red worm came out, somebody wrote a program
:that responded to Code Red probes by using the same hole to
:break into the infected server and disable it.
:Is anybody doing that with this worm?

I understand your point, but:

Wouldn't such a mechanism simply help to foster the laziness of those
whose machines helped propagate this issue (by delaying their awareness of
the problem and the need for their intervention)?

:Or does it step on the infected process too hard for that to work?
:
:Even if people don't want to run it on the open internet,
:due to concerns about appropriateness of reverse hacking,
:it might be useful for inside-the-firewall cleanup 
:for corporations that get hit.

Might be.  Let those inside worry about that (imho).

-brian

