Re: RE: Probable new MS DCOM RPC worm for Windows

[Karl DeBisschop <kdebisschop () alert infoplease com>]

On Fri, 2003-09-26 at 22:57, Paul Schmehl wrote:

> We're working on a "jail vlan" concept now, where "evil" computers go. 
> They get access to email (so they can beg for forgiveness), a web page that 
> says, "You naughty, naughty boy" and access to one website - their vendor 
> of choice's patch site - so they can fix their problem.

I imagine mail out of that subnet passes through a proxy server with
spam and virus detection.

This is a cute concept Paul. You've got a pretty challenging environment
there, and this looks like a creative and functional help for you. It
will be interesting to hear how well this ends up working for you and
what evolution it goes through. For instance, if your security policy
includes supporting diversification, you could add connections to
mirrored Linux and/or (Net|Free|Open)BSD distros (which would be easy
enough to mirro locally).

Maybe this concept is already widely in use at academia. If it is not,
it may soon be.

-- 
Karl DeBisschop <kdebisschop () alert infoplease com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html