Distributive Worm Blocking
wdebruij writes "According to
this source (unfortunately in dutch), a number of dutch ISPs are bundling their forces to fight the spread of worms. The technology, called virbl, blocks all accesses from IP addresses from which at least 2 worms were sent for 24 hours, naturally excluding known large email servers. Background info on the project can be found at the developers' project site. So, does anyone have useful remarks on why this may succeed or fail? It appears to me as a simple to implement yet powerful, albeit stopgap, solution."
It seems like a good idea, but it seems like the threshold is too low and there ought to be a human in the loop (i.e., if the system suddenly decides to block half the IP numbers in the universe, a human should have to OK it).
Unfortunately I don't read Dutch; maybe they've thought of this already.
Am I part of the core demographic for Swedish Fish?
when freeserve depreciated one of their dial-up numbers, all attempts to access port 80 were forwarded to their http server on a page which explained how to change the number, and what to. - they blocked all other connections i think.
pain in the arse, but it could be useful if the same kind of thing was implemented if you were showing characteristics of running a worm, to redirect you to their free online virus scanner (or somebody elses). that way, you cant infect anybody else, but you can still use the online vius scanner to remove virus's (using an OCX).
this will carry on working, while nearly all worms are for windows. i imagine most people with other os's wouldn't get hit, not because of higher security neccessarily, but because they wouldn't spread well in a world where 90%+ boxes are windows, and even then, the less than 10% of boxes isn't one OS - there's mac, linux, free/open/net bsd, solaris, etc.