On Saturday 22 September 2001 09:33 am, you wrote:
Actually, I think the idea is to keep the infected system busy for as long as possible, so that it wastes time dealing with one box that it would otherwise spend messing with thousands and thousands of other systems. And it does zero configuration changes to the machine that hits it. If the infected machine does happen to crash, one can always hope that the admin will take it as a prompt to scan for virii and worms.
This may or may not work for existing worms, and newer worms will probably take it into account.
For the admin of the infected machine, he can come in in the morning and thank god his box hit somebody running LaBrea, because that means his machine only hit a hundred other systems instead of ten thousand.
Er. yeah. Potentially the box has now crashed. Because of your system. Not something I wanna get be potentially liable for.
No, his box crashed because he was allowing it to engage in illegal activity. I have a right to do anything I want with a malicious connection made to my machine, EVEN sending it a ton of viri, but Labrea does not do that, it just keeps on hanging on. You have perhaps a more effective solution? -- __________________________________________ J.Andersen