[Dshield] Re: Dshield digest, Vol 1 #185 - 11 msgs
johnh at aproposretail.com
Wed Aug 8 15:09:33 GMT 2001
Mark Martin wrote:
> While in agreement with you on quashing the notion of the anti-worm, I'm
> still pondering how such a thing would even work, technically. I mean, how
> would it spread?
I suspect the least-impact way to do this is NOT via a worm, as the
greatest inpact we're seeing is from the scanning activity itself. A
disinfection worm would not reduce the scanning activity much.
Rather, the tool should refer to a list of IP addresses from the
"central authority" (DShield?) and attempt to fix those machines.
Hey! The next big Distributed Processing Screen Saver app: download a
limited list of IP addresses from the central authority (which provides
a list that is "topologically close" if possible), attempt to patch
John Hardin <johnh at aproposretail.com>
Internal Systems Administrator voice: (425) 672-1304
Apropos Retail Management Systems, Inc. fax: (425) 672-0192
More information about the list