Using Honeypots to Fight Worms
scubacuda writes "Laurent Oudout, an active member of the French Honeynet Project (part of the Honeynet Alliance), has written a paper evaluating the usefulness of using honeypots in fighting Internet worms. (Imagine a well-constructed honeypot framework capturing a worm, redirecting worm traffic to fake services, and launching counter attacks to clean infected hosts!)"
"and launching counter attacks to clean infected hosts"
Sounds illegal.... Unauthorized access to someone else's computer comes to mind.
axehind
It is a nice attempt at active worm defense.
Unfortunately for him, I have just published a paper that shows that and how future worms will be much too fast for his - or anyone else's - manual defense methods.
In short, I've demonstrated that by the time he's starting to analyze the worm, it has already infected 90%+ of the vulnerable machines.
As soon as worm writers acquire some coding skills (most of the past worms were pathetic), all defenses that require manual actions will be too slow.
Sorry.
Assorted stuff I do sometimes: Lemuria.org
In the case of the stolen laptop, it would be easier to call the police, and have them investigate the vehicle (why break into the car if you don't know if your laptop is there?).
However, in the case of the internet, there are no "virus/worm" police.
In this situation, the only way you could safely protect your systems would be to have an "active" defense.
Shooting is only justified if you feel your life is in danger and you are incapable of running away. Pretty arguable point when the attacker is only wielding a bat.
You don't live in Texas, do you? Shooting is justified as soon as someone steps on my property without my permission and refuses to leave. Or if I just feel like it.