worms among us

Worms Among Us - Why do we still have computer worms? And why does it take so long to get rid of them? It’s not my job, so I’ve been assuming that someone would take care of the problem. But that seems to be wishful thinking.

Why wouldn’t the following work:

  • Write a netmon extension that passively monitors traffic on the network, looking for patterns (signatures that could be updated quickly in the wake of an attack).
  • Keep a list of machines that have been detected as scanning or probing suspiciously.
  • Automatically add these machines to the blocked addresses list on the machine.
  • Make the list available to others who can use it to block addresses.
  • Perhaps pass the list on to routers or switches that are equipped to block these ports (we do something similar with the recent UPnP agreements with router vendors for allowing gaming traffic to get through firewalls).

Coding the filter is simple but tedious; figuring out the best way to share the blacklist is obviously something that would take thought. Anyway, this seems like such an obvious solution; maybe it has already been implemented and I am missing something? If it’s been implemented, why don’t companies use it?
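The passive monitor and blocklist sketched above, as an added example that is not code from the original post: it flags sources that touch many distinct destination/port pairs in a short window, exempts an allowlist so trusted hosts are never auto-blocked, and serializes the result for sharing. The addresses, thresholds and event format are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample of observed connection attempts: (seconds, src, dst, dst_port).
# Addresses are made up for the example, not taken from the post.
SAMPLE_EVENTS = (
    [(t, "10.0.0.5", "10.0.0.20", 80) for t in (1, 5, 9)]                   # normal web use
    + [(2 + i, "192.0.2.10", f"10.0.0.{i}", 445) for i in range(1, 11)]     # fast sweep of port 445
    + [(60 * i, "198.51.100.7", f"10.0.0.{i}", 139) for i in range(1, 11)]  # slow sweep, one probe a minute
)

ALLOWLIST = {"10.0.0.5"}  # hosts never auto-blocked (monitoring boxes, authorized scanners)

def detect_scanners(events, threshold=8, window=60):
    """Flag a source that reaches `threshold` distinct (dst, port) pairs within any
    `window`-second span. A slow scanner that spreads probes out evades this rule,
    which is why the threshold and window need to be tunable signatures."""
    by_src = defaultdict(list)
    for ts, src, dst, port in events:
        by_src[src].append((ts, (dst, port)))
    flagged = set()
    for src, probes in by_src.items():
        probes.sort()
        for start in range(len(probes)):
            t0 = probes[start][0]
            targets = {tgt for ts, tgt in probes[start:] if ts - t0 <= window}
            if len(targets) >= threshold:
                flagged.add(src)
                break
    return flagged

def build_blocklist(events, allowlist=ALLOWLIST, **kw):
    """Blocklist to apply locally and share; allowlisted hosts are exempt
    so a false positive cannot cut off a trusted machine."""
    return sorted(detect_scanners(events, **kw) - allowlist)

def export_blocklist(blocklist, version):
    """Serialize for distribution; receivers should verify who published it
    before applying, since a forged list is itself a denial of service."""
    return json.dumps({"version": version, "blocked": blocklist}, sort_keys=True)

if __name__ == "__main__":
    print(export_blocklist(build_blocklist(SAMPLE_EVENTS), 1))
```

Widening the window to cover the slow sweep shows the trade-off: the slower scanner is caught, but so is more legitimate traffic that happens to fan out over time.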

Other news: I am not sure how much weight to place on the rumors, but I’ve heard rumors that future versions of Windows will ship without a web server installed by default.
