Full Disclosure mailing list archives
Re: RE: Probable new MS DCOM RPC worm for Windows
From: Karl DeBisschop <kdebisschop () alert infoplease com>
Date: Sat, 27 Sep 2003 07:30:03 -0400
On Fri, 2003-09-26 at 22:57, Paul Schmehl wrote:
We're working on a "jail vlan" concept now, where "evil" computers go. They get access to email (so they can beg for forgiveness), a web page that says, "You naughty, naughty boy" and access to one website - their vendor of choice's patch site - so they can fix their problem.
I imagine mail out of that subnet passes through a proxy server with spam and virus detection. This is a cute concept Paul. You've got a pretty challenging environment there, and this looks like a creative and functional help for you. It will be interesting to hear how well this ends up working for you and what evolution it goes through. For instance, if your security policy includes supporting diversification, you could add connections to mirrored Linux and/or (Net|Free|Open)BSD distros (which would be easy enough to mirro locally). Maybe this concept is already widely in use at academia. If it is not, it may soon be. -- Karl DeBisschop <kdebisschop () alert infoplease com> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Schmehl, Paul L (Sep 26)
- Re: RE: Probable new MS DCOM RPC worm for Windo ws Gary Flynn (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Jay Sulzberger (Sep 26)
- <Possible follow-ups>
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Schmehl, Paul L (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Jerry Heidtke (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Schmehl, Paul L (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Schmehl, Paul L (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Schmehl, Paul L (Sep 26)
- Re: RE: Probable new MS DCOM RPC worm for Windows Cael Abal (Sep 26)
- Re: RE: Probable new MS DCOM RPC worm for Windows Paul Schmehl (Sep 26)
- Re: RE: Probable new MS DCOM RPC worm for Windows Karl DeBisschop (Sep 27)
- Re: RE: Probable new MS DCOM RPC worm for Windows Brent J. Nordquist (Sep 29)
- Re: RE: Probable new MS DCOM RPC worm for Windows Cael Abal (Sep 26)
- RE: RE: Probable new MS DCOM RPC worm for Windo ws Jay Sulzberger (Sep 26)