Michael Renzmann écrivait : > Hi all. > How about the following idea: one could use the udp "command language" > that is implemented within the slapper worm to issue some commands for > self-deletion of the worm and informing the root user of every system > about how to close the hole. As far as I understood there is a network > between every infected server that uses communication over udp port > 2002. If we could set up a script that is able to inject the appropriate > commands to this network, that should shut down the whole network. It > could possibly pop up again, but as soon as one of the p2p-nodes is > known the complete new network should be accessible (if I understood the > scheme correctly). > Opinions?
Same idea here this night! :) I was thinking about the *good* way to do it... May be something like this (root mail, some wait, virus self-kill): /bin/ls -la /tmp | /bin/mail -s "You have been infected by the Slapper worm" root /bin/sleep 300 # to wait for the propagation, some network are slow /bin/kill -9 $PPID # *MUST* CHECK IF IT WILL REALLY KILL THE *RIGHT* ONE!! J.C. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
