Honeypots: Re: Inoculation Scripts

From: <Valdis.Kletnieks_at_vt.edu>
Date: Wed, 21 Jul 2004 14:51:55 -0400

On Wed, 21 Jul 2004 13:31:15 CDT, Joshua Berry said:
> I use Snort with Flexresp and Snort Inline, I am just playing around
> with this for now. While Snort-Inline or Flexresp can keep resetting or
> blocking connections, this solution actually removes the worm and cleans
> up the system. The reality is that large networks have an incredibly
> difficult time patching systems effectively and I am just playing around
> with this in a test network to see how well it works.

Been there, done that. The *real* reality is you need to make *really* sure
you have your posterior covered in case some Very Self-Important User's machine
doesn't patch correctly...

(And in fact, it's usually a technically reasonable thing to do, the hang-up is *always*
avoiding the liability issues if a machine that isn't your responsibility to fix *anyhow*
gets broken by the patching..)

Received on Jul 21 2004