OT: RC Vaccine?

Digital Wokan plug-discuss@lists.PLUG.phoenix.az.us
Tue, 07 Aug 2001 12:23:28 -0400 

Actually, I've spoken with one of Qwest's top DSL people, and he said
they wouldn't have a problem with me running servers on my connection. 
I had mentioned that being one of the reasons why I want to ditch cable.
Frankly, I'm just sitting back and having a chuckly at all the NT
servers getting hosed around the @Home service.  My access_log is piling
up the requests for /index.ida?XXXXXXXX...
Oh, and some people *ARE* allowed to run servers, but that's the higher
end @Work accounts.  If @Home/@Work has mingled it's IP addresses, your
solution becomes difficult to implement without pissing off the bigger
corporate customers.

TOS... Sure, I've heard of that.

And to the original author... People in network security already thought
of spreading the patch by worm.  They decided they didn't want to lower
themselves to the worm author's level.

Kick back, have a beer, and be happy Apache isn't vulnerable.
X-)

Kevin Brown wrote:
> 
> Actually that's not true.  Qwest/Cox could stop it from hitting their customers
> by putting in an Access Control List (ACL) in the routers.  According to my TOS
> I'm not allowed to be running any services, so if they block incoming requests
> to ports less than 1024, or just block the individual ports (21,22,23,80,
> etc...) then this worm wouldn't be able to affect any of Qwest's/Cox's
> non-business users.  The problem is they have chosen not to do this.
> 
> > > Just had a crazy thought about all this RC mess. How about writing an
> > > anti-worm-worm (or vaccine) that uses the same infection method, but
> > > removes all copies of the RC and RCII worm from the system, notifies the
> > > system admin of each box it's run on and then kills itself after a
> > > specified date? You could then write a script on your apache system that
> > > logs the IP of the infected host, and then schedules an
> > > anti-infection-infection to be run later. Whaddya think? Good, bad, ugly?
> > > =op
> 
> >  What if this same program installed a batch file or AT command to launch the
> > antivirus and or just go to windows update and get the patch for this worm.
> > Better yet just formatted the HD. Because of it I have extremely low
> > bandwidth, 60-100kbps on my cable modem which usually has downstream
> > throughput of 2+mbps, my brother in-law has Qwest DSL and can't even get
> > online because of this thing. The worst part is they (Cox/Qwest) can do
> > nothing about it.
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss