nanog mailing list archives
Re: Quarantine your infected users spreading malware
From: Michael.Dillon () btradianz com
Date: Tue, 21 Feb 2006 13:46:21 +0000
When enough "votes" have been collected, the registry sends the shutdown signal to the end user, thus triggering the blocker program to quarantine the user.
Isn't there a risk of DoS though? What's to prevent someone from "spoofing" those signals and shutting down other users?
The signal would be encoded using a unique key. I would also expect that the choice of listening port would be somehow randomized and registered in the central registry to make it less of a DOS target.
Relative precautions would need to be taken, but to be sure, the end-user needs the ability to override the system. Thus leaving us in the same situation as before. Firewall? I don't need no stinking firewall..
I see no reason why the user needs the ability to override or remove the software. After all, during normal operation it does nothing at all therefore it does not interfere in any way with machine operation. The intent is to make it virtually impossible to remove this software so that a virus or worm cannot remove it either.
Sure it does.. It doesn't need to remove it, per se, but it will need to know what the infection is so it can give the correct disinfection instructions..
If the quarantined state keeps open a port 443 connection to a specific trusted webserver run by the group of trusted security researchers then the specifics of combatting the worm can be made available on that site. If necessary the site could upload ActiveX controls to do malware scans or recommend the installation of such software.
--Michael Dillon
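The spoofing concern and the "unique key" reply above, sketched as an added example that is not part of the original message or any implementation discussed on the list. It assumes HMAC-SHA256 with a per-user shared key, a timestamp window and a nonce replay cache; the message format and the names `sign_signal`, `Blocker` and `MAX_SKEW` are hypothetical.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # assumed policy: seconds a signal stays acceptable


def sign_signal(key: bytes, user_id: str, action: str, ts: int, nonce: bytes) -> bytes:
    """Registry side: serialize the signal and append an HMAC-SHA256 tag."""
    body = json.dumps({"user": user_id, "action": action, "ts": ts,
                       "nonce": nonce.hex()}, sort_keys=True).encode()
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()


class Blocker:
    """End-user side: act only on authentic, fresh, unseen signals for this user."""

    def __init__(self, key: bytes, user_id: str):
        self.key, self.user_id = key, user_id
        self.seen = set()  # nonces already accepted (replay cache)

    def verify(self, msg: bytes, now: int) -> str:
        body, sep, tag = msg.rpartition(b".")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        # Check the tag in constant time before parsing anything the sender controls.
        if not sep or not hmac.compare_digest(tag, expected):
            return "reject: bad tag"
        sig = json.loads(body)
        if sig["user"] != self.user_id:
            return "reject: wrong user"
        if abs(now - sig["ts"]) > MAX_SKEW:
            return "reject: stale"
        if sig["nonce"] in self.seen:
            return "reject: replay"
        self.seen.add(sig["nonce"])
        return sig["action"]


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key, not a real secret
    blocker = Blocker(key, "user-42")
    good = sign_signal(key, "user-42", "quarantine", 1_140_529_581, b"\xaa" * 16)
    spoofed = sign_signal(b"\x00" * 32, "user-42", "quarantine", 1_140_529_581, b"\xbb" * 16)
    for label, msg in [("genuine", good), ("replayed", good), ("spoofed", spoofed)]:
        print(label, "->", blocker.verify(msg, 1_140_529_600))
```

Because the key is unique per user, a key recovered from one machine cannot be used to sign a quarantine signal that another user's blocker will accept. Replay-cache entries older than `MAX_SKEW` can be pruned, since the timestamp check already rejects them.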