[Dshield] Blackworm liability with ISPs?

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Thu Feb 2 17:51:20 GMT 2006

On Thu, 02 Feb 2006 12:13:21 EST, "Jon R. Kibler" said:

> Perhaps, a better approach is to 'license' computers. For a computer to
> connect to the Internet, the computer must be able to demonstrate that:
>    1) It is fully patched
>    2) It is running AV software w/ current sigs
>    3) It has a properly configured firewall
> Commercial tools already exist to perform such checks. Why not require it?

Do said tools exist for *every* operating system we're likely to encounter?

Got something that will check a Debian, or an Ubuntu, or a FreeBSD box
for "fully patched"?  Oh, and don't forget the 3rd-party programs - you
need to check that Firefox is patched, and Gaim, and RealPlayer, and....

Oh, and you can't just check the release number of the program, either.
It's not at all unusual for a security fix to be applied to the stable
branch of a code tree, but a higher-numbered devel branch doesn't get the
fix for a while because the trees have diverged and the patch needs retrofitting.

So - my box connects to the net.  How do you, as the ISP, verify that I'm
current on Fedora patches (oh, and my box is somewhere to the left of
Fedora Core 5, which hasn't shipped yet)?  Oh, and you can't *ask* my box,
because I could have been compromised by a worm that hijacks that exchange
and gives a spurious "All OK here".....
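
The release-number point above, as an added example that is not part of the original post: a check that only compares release numbers is run beside one that compares against the fix for the installed branch. The package name, the branch layout and all version numbers are constructed sample data.

```python
# Constructed advisory: the fix landed on the stable 1.0.x branch in 1.0.8,
# while the diverged 1.5.x devel branch only received it later, in 1.5.3.
# Package name and version numbers are hypothetical sample data.
ADVISORY = {
    "package": "examplepkg",
    "fixed_in": {"1.0": "1.0.8", "1.5": "1.5.3"},  # branch -> first fixed release
}

def parse(version):
    """Turn '1.5.2' into a comparable tuple (1, 5, 2)."""
    return tuple(int(part) for part in version.split("."))

def branch_of(version):
    """Branch key is major.minor, e.g. '1.5.2' -> '1.5'."""
    return ".".join(version.split(".")[:2])

def naive_is_patched(installed, advisory):
    """Release-number check: anything >= the lowest fixed release passes."""
    lowest_fix = min(parse(v) for v in advisory["fixed_in"].values())
    return parse(installed) >= lowest_fix

def branch_aware_is_patched(installed, advisory):
    """Compare only against the fix for the installed branch.
    Returns None when the advisory does not cover that branch,
    because 'unknown' must not be reported as 'patched'."""
    fixed = advisory["fixed_in"].get(branch_of(installed))
    if fixed is None:
        return None
    return parse(installed) >= parse(fixed)

def audit(installed_versions, advisory=ADVISORY):
    """Return (version, naive, branch_aware) rows where the two checks disagree."""
    rows = []
    for v in installed_versions:
        naive = naive_is_patched(v, advisory)
        aware = branch_aware_is_patched(v, advisory)
        if naive != aware:
            rows.append((v, naive, aware))
    return rows

if __name__ == "__main__":
    for row in audit(["1.0.7", "1.0.8", "1.5.2", "1.5.3", "2.0.0"]):
        print(row)
```
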
