[Dshield] Blackworm liability with ISPs?

Chris Wright dshield at yaps4u.net
Thu Feb 2 18:15:22 GMT 2006


That is until someone points out that MS XP already does this and all you
have to do is make this visible to the upstream ISP maybe as part of the
connection handshake to complete the scenario.
Just the mention of the word MS will be enough to send the conspiracists
running to their keyboards.

(And don't start on, "And why is the internet such a bad place in the first
place").

In fact, making the security status of the machine part of the connection
handshake is a good idea.
But it can be easily faked I suppose by having some sort of backdoor dialer,
but if all PCs/modems had to exchange Username, password, you could replace
the useless MAC address part of it with a flag that indicates the security
status of the PC.
There's a flaw in that idea - One router, many PCs.
Oh well, more work required.  But the crux is, there needs to be a method of
each user's PC passing upstream the state of "its security system",
regardless of OS, or however many PCs sit on that network. (Unless the
router on the boundary of the user's network sends the flags, saying it's ok,
nothing gets in or out without me knowing).  But then that will get faked
as well.

Sod it, sue the end user ;)

Chris

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of J Lake
> Sent: 02 February 2006 17:35
> To: General DShield Discussion List
> Subject: Re: [Dshield] Blackworm liability with ISPs?
> 
> On Thursday 02 February 2006 12:13 pm, Jon R. Kibler wrote:
> > Perhaps, a better approach is to 'license' computers. For a computer
> > to connect to the Internet, the computer must be able to demonstrate
> > that:
> >    1) It is fully patched
> >    2) It is running AV software w/ current sigs
> >    3) It has a properly configured firewall
> >
> > Commercial tools already exist to perform such checks. Why not
> > require it?
> 
> 
> This sounds like a really good idea - "This computer is Internet
> Certified". That way the user doesn't get directly involved. You know how
> people can react when they are told they are not "good enough" or "smart
> enough". This way - it's not personal - it's the computer, not the
> end-user.
>
> There is a savvy marketing scheme in here somewhere. Hopefully someone
> will give you full credit!
> 
> *resumes lurking*
> 