The Wayne ([personal profile] thewayne) wrote 2008-06-05 06:18 pm

Computer researchers have come up with a pretty effective anti-worm tool

Basically, it watches your network to see how many scans any given computer is performing. If it crosses a threshold, the network cuts it out. Worms perform lots of scans, looking for vulnerable computers, so by watching this behavior, infected computers can be identified, isolated, and cleaned.

I like the concept; it could be very useful. But the counter-stroke for worm authors is to slow down how much they're scanning. The same concept is applied to distributed denial of service attacks. If your company web site normally gets 200 hits a day and suddenly gets 10,000 a minute, you know you're getting DOS'd. But if that number goes up to 500 an hour, you might not notice it, but still it'll be eating up your bandwidth.

http://www.networkworld.com/community/node/28433

http://tech.slashdot.org/article.pl?sid=08/06/04/2213216
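
An added example, not code from this post or from the research it links to: a sliding-window counter over constructed connection records that treats each new destination a host contacts as a scan (an assumption; the function name, addresses, window and threshold are illustrative). It goes slightly beyond the post by showing that a longer window catches the slowed-down scanner described above, at the cost of keeping more state per host.

```python
from collections import defaultdict, deque

def flag_scanners(events, window_s, max_distinct):
    """Return sources that contacted more than max_distinct distinct
    destinations within any sliding window of window_s seconds."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    flagged = set()
    for ts, src, dst in sorted(events):
        q = recent[src]
        q.append((ts, dst))
        # Drop contacts that have aged out of the window.
        while q and q[0][0] <= ts - window_s:
            q.popleft()
        if len({d for _, d in q}) > max_distinct:
            flagged.add(src)      # a real deployment would isolate the host here
    return flagged

def sample_events():
    """Constructed connection records: (timestamp_s, source, destination)."""
    events = []
    # Fast scanner: 50 new hosts, one per second.
    events += [(t, "10.0.0.5", f"192.0.2.{t + 1}") for t in range(50)]
    # Slow scanner: the same 50 hosts, one every two minutes.
    events += [(t * 120, "10.0.0.9", f"192.0.2.{t + 1}") for t in range(50)]
    # Ordinary workstation: three servers, polled every 10 seconds.
    events += [(t * 10, "10.0.0.2", f"198.51.100.{t % 3 + 1}") for t in range(600)]
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("60 s window:", sorted(flag_scanners(ev, 60, 20)))
    print("2 h window: ", sorted(flag_scanners(ev, 7200, 20)))
```
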

[personal profile] silveradept 2008-06-06 05:55 am (UTC)
Now that's using your head! Figure out the characteristic of your opponent, and then move to block that, containing the spread, or at least, slowing it down significantly. Installed at a high level along the way, it would be easy to snag infected machines. I can imagine the irate telephone calls, but so long as there are cure-types to those infections, I'm sure it would be fairly easy to stop worms before they went too far.

[identity profile] thewayne.livejournal.com 2008-06-06 12:18 pm (UTC)
People on Slashdot have talked about this all the time: force the compromised machines off the network so they can't spread the infection. It's a great concept: suddenly the user can't do anything online, so they call tech, who looks at network or account status and tells the user that apparently their machine has been compromised and it has to be repaired before it's allowed online again, according to the network's terms of service. The problem is Ma & Pa Kettle living in the middle of nowhere with no decent computer shops near them. Some of these infections you just can't clean yourself,

[personal profile] silveradept 2008-06-06 02:53 pm (UTC)
Yeah. That's the one thing I was wondering about - this only works if there's some way of getting the infection cleared up before the computer comes back on-line. Even if the tech mails a CD to Ma and Pa Kettle, it has to be something that can be fixed.