mailing list archives
RE: RE: Benign Worms (Cosmin Stejerean)
From: "Stejerean, Cosmin" <cstejere () cti depaul edu>
Date: Sun, 15 May 2005 22:27:54 -0500
regular patching. There might be some cases when writing a quick "worm"
patch rogue machines automatically might be better (especially to patch
laptops connected to a wireless hotspot, etc) but since it is risky it
Nope.. You don't *know* that a worm will or won't actually hit that
vulnerable Laptop. It *probably* will, given enough time.
Or you can just have an attack-trained DHCP server, and *know* that laptop
will get fixed when it rears its head on the network. ;)
That would be perhaps the best way to do this or as Nick was mentioning in
an earlier email, have the DHCP server scan the machine, not penetrate it,
then put it in a VLAN that can only access the site of the vendor to
download the patch or a page on your own network mentioning that the machine
is vulnerable / infected and that it needs to be patched to access your
While not the best way to handle patch management I still think the idea of
benign worms is one worth researching and experimenting with.
I won't say anything else on the subject.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- RE: RE: Benign Worms (Cosmin Stejerean) Stejerean, Cosmin (May 16)