Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: RE: Benign Worms (Cosmin Stejerean)
From: "Stejerean, Cosmin" <cstejere () cti depaul edu>
Date: Sun, 15 May 2005 22:27:54 -0500

regular patching. There might be some cases when writing a quick "worm"
patch rogue machines automatically might be better (especially to patch
laptops connected to a wireless hotspot, etc) but since it is risky it

Nope.. You don't *know* that a worm will or won't actually hit that 
vulnerable Laptop.  It *probably* will, given enough time.

Or you can just have an attack-trained DHCP server, and *know* that laptop
will get fixed when it rears its head on the network. ;)

That would be perhaps the best way to do this or as Nick was mentioning in
an earlier email, have the DHCP server scan the machine, not penetrate it,
then put it in a VLAN that can only access the site of the vendor to
download the patch or a page on your own network mentioning that the machine
is vulnerable / infected and that it needs to be patched to access your

While not the best way to handle patch management I still think the idea of
benign worms is one worth researching and experimenting with. 

I won't say anything else on the subject.

Cosmin Stejerean

Attachment: smime.p7s

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]