Re: slapper countermeasures

2002-09-29 Thread Justin Ryan
On Wed, 2002-09-18 at 06:05, Michael Renzmann wrote: killall .bugtraq would be suitable as well, and it would destroy every other instance of the program that is running currently. Even if detecting the current PPID does not work for whatever reason. *chuckle* Unrelated to the

Re: slapper countermeasures

2002-09-28 Thread Ullrich Jans
KevinL [EMAIL PROTECTED] writes: On Wed, 2002-09-18 at 06:05, Michael Renzmann wrote: killall .bugtraq would be suitable as well, and it would destroy every other instance of the program that is running currently. Even if detecting the current PPID does not work for whatever reason.

Re: slapper countermeasures

2002-09-25 Thread Bernd Zeimetz
hi, Solaris is vulnerable to this bug? Solaris killall kills _everything_ - not just the named process. Erm... ok, good point. Never used Solaris so far :) Use pkill @ solaris. RTFM man pgrep, man pkill... Ciao, Bernd -- Bernd Zeimetz - DH4PH - Tel.: +49

Re: slapper countermeasures

2002-09-25 Thread Bernd Zeimetz
hi, Solaris is vulnerable to this bug? Solaris killall kills _everything_ - not just the named process. Erm... ok, good point. Never used Solaris so far :) Use pkill @ solaris. RTFM man pgrep, man pkill... Ciao, Bernd -- Bernd Zeimetz - DH4PH - Tel.: +49 (0)6151

Re: slapper countermeasures

2002-09-19 Thread Emil Pedersen
[...] Indeed. A similar case to this is the Good Samaritan Act was abolished, or at least changed in Australia to the point that if someone was mown down by a bus and you pulled them off the road and they still died, you could be sued by the family for killing them. It's a load of crud,

Re: slapper countermeasures

2002-09-19 Thread thing
Geoff Crompton wrote: (I've been trying to think of a reason that the owner of an infected box would not appreciate efforts to sanitize the box). simple gross stupidity I mean they didn't patch it in the first place... Mind you if you did fix it for them they would probably never notice.

Re: slapper countermeasures

2002-09-19 Thread Jason Clarke
- Original Message - From: thing [EMAIL PROTECTED] Subject: Re: slapper countermeasures Geoff Crompton wrote: (I've been trying to think of a reason that the owner of an infected box would not appreciate efforts to sanitize the box). Mind you if you did fix it for them

Re: slapper countermeasures

2002-09-19 Thread Alan Shutko
Geoff Crompton [EMAIL PROTECTED] writes: (I've been trying to think of a reason that the owner of an infected box would not appreciate efforts to sanitize the box). The big problem is that it's possible your efforts actually damage important services or data that the virus didn't.

Re: slapper countermeasures

2002-09-19 Thread thing
someone needs to fix their anti-spam filter regards Thing Jaroslaw Tabor wrote: Your mail has been rejected by anti-spam filter

Re: slapper countermeasures

2002-09-19 Thread Emil Pedersen
[...] Indeed. A similar case to this is the Good Samaritan Act was abolished, or at least changed in Australia to the point that if someone was mown down by a bus and you pulled them off the road and they still died, you could be sued by the family for killing them. It's a load of crud, but

Re: slapper countermeasures

2002-09-18 Thread Vikki Roemer
Ralf Dreibrodt wrote: Hi, Michael Renzmann wrote: Opinions? you want to use a backdoor to get access to a server, on which you are not allowed to get access. after that you want to modify the server (killing processes, deleting files) and you use the server without permission (for

Re: slapper countermeasures

2002-09-18 Thread Geoff Crompton
On Wed, Sep 18, 2002 at 08:29:15PM -0400, Vikki Roemer wrote: Hmm... well, I know the law usually isn't this flexible, but from a common-sense point-of-view, I think in this case most people would agree that Mike's and Jean's ideas are a Good Thing. I mean, it's not like they're going to

Re: slapper countermeasures

2002-09-18 Thread thing
Geoff Crompton wrote: (I've been trying to think of a reason that the owner of an infected box would not appreciate efforts to sanitize the box). simple gross stupidity I mean they didn't patch it in the first place... Mind you if you did fix it for them they would probably never

Re: slapper countermeasures

2002-09-18 Thread Jason Clarke
- Original Message - From: thing [EMAIL PROTECTED] Subject: Re: slapper countermeasures Geoff Crompton wrote: (I've been trying to think of a reason that the owner of an infected box would not appreciate efforts to sanitize the box). Mind you if you did fix it for them

Re: slapper countermeasures

2002-09-18 Thread Alan Shutko
Geoff Crompton [EMAIL PROTECTED] writes: (I've been trying to think of a reason that the owner of an infected box would not appreciate efforts to sanitize the box). The big problem is that it's possible your efforts actually damage important services or data that the virus didn't.

Re: slapper countermeasures

2002-09-18 Thread thing
someone needs to fix their anti-spam filter regards Thing Jaroslaw Tabor wrote: Your mail has been rejected by anti-spam filter

Re: slapper countermeasures

2002-09-18 Thread Vikki Roemer
Ralf Dreibrodt wrote: Hi, Michael Renzmann wrote: Opinions? you want to use a backdoor to get access to a server, on which you are not allowed to get access. after that you want to modify the server (killing processes, deleting files) and you use the server without permission (for

Re: slapper countermeasures

2002-09-18 Thread Geoff Crompton
On Wed, Sep 18, 2002 at 08:29:15PM -0400, Vikki Roemer wrote: Hmm... well, I know the law usually isn't this flexible, but from a common-sense point-of-view, I think in this case most people would agree that Mike's and Jean's ideas are a Good Thing. I mean, it's not like they're going to

slapper countermeasures

2002-09-17 Thread Michael Renzmann
Hi all. How about the following idea: one could use the udp command language that is implemented within the slapper worm to issue some commands for self-deletion of the worm and informing the root user of every system about how to close the hole. As far as I understood there is a network

Re: slapper countermeasures

2002-09-17 Thread Michael Renzmann
Hi. Jean Christophe ANDRÉ wrote: Same idea here this night! :) Hehe :) I was thinking about the *good* way to do it... May be something like this (root mail, some wait, virus self-kill): /bin/ls -la /tmp | /bin/mail -s You have been infected by the Slapper worm root /bin/sleep 300

Re: slapper countermeasures

2002-09-17 Thread Ralf Dreibrodt
Hi, Michael Renzmann wrote: Opinions? you want to use a backdoor to get access to a server, on which you are not allowed to get access. after that you want to modify the server (killing processes, deleting files) and you use the server without permission (for sending mail). well, IANAL, but

Re: slapper countermeasures

2002-09-17 Thread Ralf Dreibrodt
Hi, hedrivings sorry, i forgot to change this to experience...hedrivings is only for german people ;)

Re: slapper countermeasures

2002-09-17 Thread Michael Renzmann
Hi. Opinions? you want to use a backdoor to get access to a server, on which you are not allowed to get access. [...] I know this can raise problems. We recently had a discussion like this which showed up good arguments for both sides. Asking a lawyer won't be of much help because they can't

Re: slapper countermeasures

2002-09-17 Thread Jean Christophe ANDRÉ
J.C. André wrote: May be something like this (root mail, some wait, virus self-kill): /bin/ls -la /tmp | /bin/mail -s You have been infected by the Slapper worm root /bin/sleep 300 # to wait for the propagation, some network are slow /bin/kill -9 $PPID # *MUST* CHECK IF IT

Re: slapper countermeasures

2002-09-17 Thread Ralf Dreibrodt
Michael Renzmann wrote: i already made some bad hedrivings a few years ago with something like this... But one thing I would like to know: what do you mean with hedrivings? :) experiences. i asked a friend, what i could say for erfahrungen in english, he answered hedrivings, so fast,

Re: slapper countermeasures

2002-09-17 Thread Jean Christophe ANDRÉ
Ralf Dreibrodt wrote: you want to use a backdoor to get access to a server, on which you are not allowed to get access. after that you want to modify the server (killing processes, deleting files) and you use the server without permission (for sending mail). well, IANAL, but you should

Re: slapper countermeasures

2002-09-17 Thread Michael Renzmann
Hi. Jean Christophe ANDRÉ wrote: The problem will be: every command that slapper executes runs with the uid of the infiltrated ssl webserver. So the kill will also run as the same uid... *bing* Ok, got the point. I forgot that the uid is allowed to kill processes with its own uid. So I

Re: slapper countermeasures

2002-09-17 Thread KevinL
On Wed, 2002-09-18 at 06:05, Michael Renzmann wrote: killall .bugtraq would be suitable as well, and it would destroy every other instance of the program that is running currently. Even if detecting the current PPID does not work for whatever reason. *chuckle* Solaris is vulnerable to this

Re: slapper countermeasures

2002-09-17 Thread Jean Christophe ANDRÉ
KevinL wrote: On Wed, 2002-09-18 at 06:05, Michael Renzmann wrote: killall .bugtraq would be suitable as well, and it would destroy every other instance of the program that is running currently. Even if detecting the current PPID does not work for whatever reason. Solaris is

Re: slapper countermeasures

2002-09-17 Thread Michael Renzmann
Hi. Jean Christophe ANDRÉ wrote: But maybe the main point is: is it really possible to have multiple instances of the .bugtraq program?!? If so, all of them would join the network and should receive the mail-sleep-kill command! I've seen two processes running on an infected server. But

Re: slapper countermeasures

2002-09-17 Thread Jean Christophe ANDRÉ
Michael Renzmann wrote: Hi all. How about the following idea: one could use the udp command language that is implemented within the slapper worm to issue some commands for self-deletion of the worm and informing the root user of every system about how to close the hole. As far as I

Re: slapper countermeasures

2002-09-17 Thread Ralf Dreibrodt
Hi, hedrivings sorry, i forgot to change this to experience...hedrivings is only for german people ;)

Re: slapper countermeasures

2002-09-17 Thread Michael Renzmann
Hi. Ralf Dreibrodt wrote: experiences. i asked a friend, what i could say for erfahrungen in english, he answered hedrivings, so fast, that i didn't doubt. Ah, I see... english for runaways ;) Bye, Mike

Re: slapper countermeasures

2002-09-17 Thread Michael Renzmann
Hi. Jean Christophe ANDRÉ wrote: The problem will be: every command that slapper executes runs with the uid of the infiltrated ssl webserver. So the kill will also run as the same uid... *bing* Ok, got the point. I forgot that the uid is allowed to kill processes with its own uid.

Re: slapper countermeasures

2002-09-17 Thread Michael Renzmann
Hi. KevinL wrote: killall .bugtraq would be suitable as well, and it would destroy every other instance of the program that is running currently. Even if detecting the current PPID does not work for whatever reason. *chuckle* Solaris is vulnerable to this bug? Solaris killall kills
