Re: The 'good worm' from HP

["The Central Scroutinizer" <scroutinizer () beeb net>]

Would it not be better to have a standard secure backdoor provided by a 
security package that could downloaded or installed by disk and works hand 
in hand with port scanning software, if this is really necassary. I am 
supprised Microsoft have not released such a peice of software; maybe a 
third party have.

Aaron

----- Original Message ----- 
From: "Todd Towles" <toddtowles () brookshires com>
To: "joe" <mvp () joeware net>
Cc: "Mailing List - Full-Disclosure" <full-disclosure () lists netsys com>
Sent: Sunday, August 22, 2004 7:15 PM
Subject: RE: [Full-disclosure] The 'good worm' from HP


> I hope it is a bad choice of words. He is a VP, should I say more?
>
> Even if it is a controlled worm that moves around in the internal
> network patching computers, it sounds like a very stupid idea.
>
> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of joe
> Sent: Sunday, August 22, 2004 8:20 AM
> To: Todd Towles; fulldisclosure () wateraxe demon nl;
> full-disclosure () lists netsys com
> Subject: RE: [Full-disclosure] The 'good worm' from HP
>
> > Allan is right. I didn't notice people calling it a worm.
>
>
> From the article at InfoWorld...
>
> <SNIP>
> We've been working with (customers) for the last month now," said Tony
> Redmond, vice president and chief technology officer with HP Services in
> an interview.
> <SNIP>
> "This is a good worm," said Redmond. "It's turning the techniques (of
> the
> attackers) back on them."
> <SNIP>
>
> Possibly he used a bad choice of words.
>
>
>
> I definitely agree though that you probably shouldn't be "infecting"
> machines to patch them. In order to patch through a hole like that you
> are running code through that hole and that is the same as infecting in
> my book, you just aren't propogating. You could still make the machine
> unstable or cause other issues. I think my preference would be something
> along the lines of what the NetSquid project is doing mentioned
> previously but be more aggressive. Sure have the feed from SNORT to
> actively go out and pop the machines currently sending bad traffic, but
> also scan for machines that
> *could* get infected and shut them down as well. That would be a good
> use of this tech HP is working on, simply identify the machines. However
> others have done the similar in terms of detection so that wouldn't be
> nearly as new and daring. They could do a good thing by making it fully
> supported by a big name, stable, quick, and part of an overall framework
> for protecting the network environment.
>
>  joe
>
>
>
> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Todd Towles
> Sent: Saturday, August 21, 2004 8:58 PM
> To: fulldisclosure () wateraxe demon nl; full-disclosure () lists netsys com
> Subject: RE: [Full-disclosure] The 'good worm' from HP
>
> <SNIP>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html