RE: RE: Benign Worms (Cosmin Stejerean)

["Stejerean, Cosmin" <cstejere () cti depaul edu>]

> > regular patching. There might be some cases when writing a quick "worm"
to
> > patch rogue machines automatically might be better (especially to patch
> > laptops connected to a wireless hotspot, etc) but since it is risky it

> Nope.. You don't *know* that a worm will or won't actually hit that 
> vulnerable Laptop.  It *probably* will, given enough time.

> Or you can just have an attack-trained DHCP server, and *know* that laptop
> will get fixed when it rears its head on the network. ;)

That would be perhaps the best way to do this or as Nick was mentioning in
an earlier email, have the DHCP server scan the machine, not penetrate it,
then put it in a VLAN that can only access the site of the vendor to
download the patch or a page on your own network mentioning that the machine
is vulnerable / infected and that it needs to be patched to access your
network. 

While not the best way to handle patch management I still think the idea of
benign worms is one worth researching and experimenting with. 


I won't say anything else on the subject.



Cosmin Stejerean

Attachment: smime.p7s
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/