lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <GPEBKGFCEFKKNKNBHEGGMEDOLAAA.lists@daniel-rudolph.de>
From: lists at daniel-rudolph.de (Daniel Rudolph)
Subject: msblast DDos counter measures - a new worm to fix the problem

Hi,

i have an (maybe) new idea that worth discussing.

What about writing a new worm based on the well know exploit - this worm
should do something like:

- disinfect the machine from the know variants of msblast
- install the patch or at least inform the user that he should to that
- spread out like every worm does ;-)

The worm should stop spreading and delete itself if he cant effect new
systems.
Maybe if 95% of his attacks failed on an open 135 port. Or 100% of the last
X machine he attacked wasn?t reachable on that port.


I don?t think I have all the needed skills to make that really work like it
should. Also im not sure if that really is an solution or just an other
stupid idea. Tanks for your ideas about that.


Cya
Daniel

PS: greetings to Kristian M. who brought that idea into my mind but don?t
wanted to post here

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ