>> regular patching. There might be some cases when writing a quick "worm" to >> patch rogue machines automatically might be better (especially to patch >> laptops connected to a wireless hotspot, etc) but since it is risky it > Nope.. You don't *know* that a worm will or won't actually hit that > vulnerable Laptop. It *probably* will, given enough time. > Or you can just have an attack-trained DHCP server, and *know* that laptop > will get fixed when it rears its head on the network. ;) That would be perhaps the best way to do this or as Nick was mentioning in an earlier email, have the DHCP server scan the machine, not penetrate it, then put it in a VLAN that can only access the site of the vendor to download the patch or a page on your own network mentioning that the machine is vulnerable / infected and that it needs to be patched to access your network. While not the best way to handle patch management I still think the idea of benign worms is one worth researching and experimenting with. I won't say anything else on the subject. Cosmin Stejerean
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/