[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] The 'good worm' from HP

To: full-disclosure@xxxxxxxxxx
Subject: Re: [Full-Disclosure] The 'good worm' from HP
From: michael williamson <michael@xxxxxxxxxxxxxxxxx>
Date: Sat, 21 Aug 2004 09:00:57 -0500

There are much better alternatives to using exploit code to install
patches.    The security folk at TAMU have come up with an in-line
network sniffer automagically blocks infected machines and notifies them
via an internal webserver of their infection.  After a set time it
allows them back on.  (clever...motivates _user_ to clean/patch)

http://netsquid.tamu.edu/

This is a _lot_ more responsible than running exploit code of any sort,
even for a good purpose.  I admin one particular windows server that I
must actually wait for vender approval before applying any hotfixes.  
I'd be extremely pissed if some do-gooder net admin tried to patch my
box via sploit code and ended up breaking it.  (it is that fickle)

-Michael

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] The 'good worm' from HP
  - From: Maarten

References:
- [Full-Disclosure] The 'good worm' from HP
  - From: KF_lists
- Re: [Full-Disclosure] The 'good worm' from HP
  - From: Nick FitzGerald

Prev by Date: RE: [Full-Disclosure] Possible dialer on 62.4.84.150
Next by Date: RE: [Full-Disclosure] cmd.exe bug in win2k sp4 in "for" loop
Previous by thread: RE: [Full-Disclosure] The 'good worm' from HP
Next by thread: Re: [Full-Disclosure] The 'good worm' from HP
Index(es):
- Date
- Thread