[Dshield] Re: Dshield digest, Vol 1 #185 - 11 msgs

John Hardin johnh at aproposretail.com
Wed Aug 8 15:09:33 GMT 2001


Mark Martin wrote:
> 
> While in agreement with you on quashing the notion of the anti-worm, I'm
> still pondering how such a thing would even work, technically.  I mean, how
> would it spread?

I suspect the least-impact way to do this is NOT via a worm, as the
greatest inpact we're seeing is from the scanning activity itself. A
disinfection worm would not reduce the scanning activity much.

Rather, the tool should refer to a list of IP addresses from the
"central authority" (DShield?) and attempt to fix those machines.

Hey! The next big Distributed Processing Screen Saver app: download a
limited list of IP addresses from the central authority (which provides
a list that is "topologically close" if possible), attempt to patch
them, repeat.

--
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192




More information about the list mailing list