September 27th, 2002, 04:07 PM
The Nortel anti-worm defence system
Nortel Networks revealed the anti-computer worm defences it had developed in-house after it was hit hard by last year's outbreaks of Nimda and Code Red 2.
In many ways Nortel's anti-worm defence is very similar to an intrusion detection system, albeit designed specifically to look out for network-aware worms.
Politely said "This Project Was SHOT DOWN!"
Other end users attending the conference said they used some, but not all, of the techniques deployed by Nortel. But there was a marked scepticism from vendors about Nortel's ideas, and no particular appetite to rise to Morris challenge to commercialise an anti-worm defence system.
Brought To you by TheRegister.co.uk
September 28th, 2002, 08:17 PM
the only way something like this could work (imho) would be to sniff the network for packets containing a string commen to the worm, recording the sending address to a DB and using that db to automatically suspend the accounts associated with them. worm outbreaks occur in such large numbers anythiing beyond this would be of a scope so large it would be unaffordable.
i can sympathize with any provider not wanting to get involved with a system to quarentine servers infected with a worm. Even though their actions would be for the good of the network as a whole. they would be sued for not notifing each and ever one affected by the worm first for losses they incurred. then there would be those who would spoof others addresses just to get them blocked. the world is a friggen circus.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”