Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: RE: Bening Worms (Cosmin Stejerean)
From: "Stejerean, Cosmin" <cstejere () cti depaul edu>
Date: Sun, 15 May 2005 20:33:06 -0500

   You would probably only do something like this in case of an
emergency.
In most cases there are a lot better ways to patch management than
spreading
a worm of your own.

Describe an emergency scenario where writing and testing a worm to do your
network is superior to deploying either a honeypot back-attack-and-patch or
centralized scan-and-patch service?

I'm not saying that this is the superior way to do it. The point I was
trying to make is that it is very risky and it should not be considered for
regular patching. There might be some cases when writing a quick "worm" to
patch rogue machines automatically might be better (especially to patch
laptops connected to a wireless hotspot, etc) but since it is risky it
should only be used in cases of emergency.

Perhaps the best example of how this was used and why it should be done
this
way unless it's an emergency is the problem with the Xerox researches in
1978 that used worms to automate tasks on their network. The code was
corrupted and over 200 machines crashed.

I think you meant "Why it *shouldn't* be done this way"?

Sorry, that it was I meant.

Attachment: smime.p7s
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault