[Esd-l] ANN: Sanitizer 1.133 released
John D. Hardin
jhardin at impsec.org
Sun Jan 6 10:34:00 PST 2002
On Sat, 5 Jan 2002, Brett Glass wrote:
> >Can you give me a useful example of a backreference in a filespec?
>
> Any worm that generates names with repeating characters or patterns.
> There are a few; I was thinking of coding them in.
I have a testbed for that sort of thing. Give me a sample filename and
a suggested spec and I'll try it out. If it doesn't work I'll try to
get it to work.
> By the way, one feature I'd like to see in the "poisoned" list: a
> second field, after the file name, that lets you (optionally) tag
> the poisoned name with a message to be used when the name is
> discovered. This would be useful to identify worms to the
> administrator and/or a person receiving an automatic response.
> Right now, my local recipes generate such strings but the general
> poisoning mechanism does not.
In the 2.0 experimental code the format for the policy file includes a
slot for specifying a custom response file for a given spec. I'll
probably implement that soon as a more general solution rather than
just a single string.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at wolfenet.com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Monty Python's Star Trek Voyager:
A successful trans-warp experiment turns Paris and Janeway into
newts, but they get better.
...wait a minute... It's already been done...
-----------------------------------------------------------------------
13 days until Babylon 5: the Legend of the Rangers
More information about the esd-l
mailing list