Francis J. A. Pinteric
linuxdoctor at linux.ca
Wed Nov 13 18:24:19 EST 2002
On 13 Nov 2002 18:01:50 -0500
Mike Redan <mike at jeke.fdns.net> wrote:
> Morally I think you would be standing on firm ground to release purify,
> but legally you might be a bit shaky...remember Max Vision (Butler)?
> his "fix" had an obvious bad side to it, but by you fixing the bugs
> Slapper, it could be seen as malicious..
> be careful.
Well, in point of fact, I didn't change Slapper at all. I just exploited the bugs and developed a workaround to make it work as it's supposed to. (Although I do have a modified slapper with the bugs fixed -- which will never see the light of day).
However, I am aware that releasing a programme that is designed to specifically talk to slapper could be used to do other things as well. It's one thing to write a programme that exploits a bug in a legitimate programme, but is a programme that exploits bugs in a programme whose aims are illegitimate the same sort of thing? If you are interested in doing harm to another system, why not use Slapper itself and not my little programme which relies on a previously infected system to start with? The exploit that Slapper uses to compromise a system is well known and available, so why not use that? My programme simply looks for already compromised systems, informs the users of that system of the fact, and kills off the currently running copy.
But these issues are really avoiding the main question. I guess I can paraphrase what I'm asking as this: is hunting virii in the wild moral? Is attacking a system and killing the virus that infected mine an act of self defence? What about sending a mail message to everyone on the system? Is that acceptable, or over the top?
As for releasing the code, I intend to. I'm just wondering if I am going to first extend it in the manner I mentioned to turn it into a Great Slapper Hunter or will leave it as a programme that simply kills the virus on the system whose IP address you pass as an argument.
Currently, I'm keeping my apache server running and with a little script check for the arrival of Slapper. Once there, it extracts the attacker's IP address and then kills it, with the blast of mail messages to every user on that system. But there is SO MUCH MORE that I can make it do. I'm sort of intrigued by the Great Slapper Hunter that actively goes out on the Web and tracks them down and kills them.