Honeypots mailing list archives
Re: Inoculation Scripts
From: Valdis.Kletnieks () vt edu
Date: Wed, 21 Jul 2004 14:51:55 -0400
On Wed, 21 Jul 2004 13:31:15 CDT, Joshua Berry said:
I use Snort with Flexresp and Snort Inline, I am just playing around with this for now. While Snort-Inline or Flexresp can keep resetting or blocking connections, this solution actually removes the worm and cleans up the system. The reality is that large networks have an incredibly difficult time patching systems effectively and I am just playing around with this in a test network to see how well it works.
Been there, done that. The *real* reality is you need to make *really* sure you have your posterior covered in case some Very Self-Important User's machine doesn't patch correctly... (And in fact, it's usually a technically reasonable thing to do, the hang-up is *always* avoiding the liability issues if a machine that isn't your responsibility to fix *anyhow* gets broken by the patching..)
Attachment:
_bin
Description:
Current thread:
- Inoculation Scripts Joshua Berry (Jul 21)
- Re: Inoculation Scripts Valdis . Kletnieks (Jul 21)
- <Possible follow-ups>
- RE: Inoculation Scripts Joshua Berry (Jul 21)
- RE: Inoculation Scripts Joshua Berry (Jul 21)
- Re: Inoculation Scripts Valdis . Kletnieks (Jul 21)