Researchers Tout New Network Worm Weapon
coondoggie writes "Can Internet worms be thwarted within minutes of their infection? Researchers at Ohio State University believe they can. The key, researchers found, is for software to monitor the number of scans that machines on a network send out. When a machine starts sending out too many scans — a sign that it has been infected — administrators should take it off line and check it for viruses. In a nutshell, the researchers developed a model that calculated the probability that a virus would spread, depending on the maximum number of scans allowed before a machine was taken off line. 'The difficulty was figuring out how many scans were too many,' researchers said."
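The detection idea in the summary, a per-host scan counter with a cutoff, as an added sketch that is not the Ohio State researchers' code or model. It assumes a flow log of the form "time src dst port", uses the number of distinct destinations a host contacts inside a sliding window as the proxy for "scans sent out", and invents the threshold, window and allowlist values; the sample log is constructed inline. Running it with different thresholds and windows shows why the researchers' hard part was picking the cutoff: a short window misses a slow sweep, a high threshold misses everything.

```python
"""Scan-rate monitor sketch (added illustration, not the researchers' code).

Counts the distinct destinations each source host contacts inside a sliding
time window and flags hosts that exceed a threshold, skipping hosts on an
allowlist of known legitimate scanners.  Threshold, window and allowlist are
assumed values chosen for the constructed sample, not published figures.
"""
from collections import deque
from datetime import datetime, timedelta

SCAN_THRESHOLD = 10   # assumed: distinct destinations allowed per window
WINDOW_SECONDS = 60   # assumed: sliding window length
# assumed: the monitoring box that legitimately sweeps the whole subnet
ALLOWLIST = frozenset({"10.0.0.2"})


def _burst(start, src, n, spacing):
    """Build n constructed log lines: src contacts n distinct hosts on port 445."""
    return [
        f"{(start + i * spacing).isoformat()} {src} 10.0.1.{i + 1} 445"
        for i in range(n)
    ]


# Constructed sample flow log, one line per outbound connection attempt.
T0 = datetime(2008, 3, 10, 10, 0, 0)
SAMPLE_LOG = (
    _burst(T0, "10.0.0.5", 12, timedelta(seconds=2))     # worm-like burst
    + _burst(T0, "10.0.0.9", 3, timedelta(seconds=5))    # ordinary user
    + _burst(T0, "10.0.0.2", 15, timedelta(seconds=1))   # allowlisted scanner
    + _burst(T0, "10.0.0.7", 12, timedelta(minutes=10))  # slow sweep, ~2 hours
)


def parse_line(line):
    """Parse '<ISO time> <src> <dst> <port>' into (datetime, src, dst, port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def detect_scanners(lines, threshold=SCAN_THRESHOLD,
                    window_seconds=WINDOW_SECONDS, allowlist=ALLOWLIST):
    """Return {src: (time first flagged, distinct destinations at that moment)}.

    Events are processed in time order; each source keeps a deque of the
    (time, destination) pairs that still fall inside the window.
    """
    window = timedelta(seconds=window_seconds)
    recent = {}    # src -> deque of (ts, dst) within the window
    flagged = {}   # src -> (ts, distinct destination count when flagged)
    for ts, src, dst, _port in sorted(map(parse_line, lines)):
        q = recent.setdefault(src, deque())
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop events that aged out of the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct > threshold and src not in allowlist and src not in flagged:
            flagged[src] = (ts, distinct)
    return flagged


if __name__ == "__main__":
    for label, kwargs in [
        ("default", {}),
        ("threshold=20", {"threshold": 20}),
        ("window=3h", {"window_seconds": 3 * 3600}),
    ]:
        hits = detect_scanners(SAMPLE_LOG, **kwargs)
        print(label, {src: f"{n} hosts by {ts.time()}" for src, (ts, n) in hits.items()})
```

With the defaults only 10.0.0.5 trips the cutoff: the allowlisted sweeper is ignored, and 10.0.0.7 never has more than one contact inside any 60 s window even though it eventually touches as many hosts as the worm. Widening the window to three hours catches it; raising the threshold to 20 catches nothing. An operator who deploys this also needs the allowlist, which is exactly the complaint made further down the thread by admins who scan their own networks every day.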
Network admins quite often scan large amounts of network space, especially for vulnerabilities. I know, I do it every day. Device discovery on networks for monitoring, IP address management, the list goes on.
There is the alternative though...
http://xkcd.com/416/
Curiosity was framed; ignorance killed the cat. -- Author unknown
Seriously, let's see how this will work.
sysadmin: $max_scans_allowed = 10;
worm: sh1t! $max_scans_allowed = 10;
sysadmin: sh1t! $max_scans_allowed = 9;
worm: sh1t! $max_scans_allowed = 9;
sysadmin: sh1t! $max_scans_allowed = 8;
worm: sh1t! $max_scans_allowed = 8;
sysadmin: sh1t! $max_scans_allowed = 7;
worm: sh1t! $max_scans_allowed = 7;
sysadmin: sh1t! $max_scans_allowed = 6;
worm: sh1t! $max_scans_allowed = 6;
sysadmin: sh1t! $max_scans_allowed = 5;
worm: sh1t! $max_scans_allowed = 5;
sysadmin: sh1t! $max_scans_allowed = 4;
worm: sh1t! $max_scans_allowed = 4;
sysadmin: sh1t! $max_scans_allowed = 3;
worm: sh1t! $max_scans_allowed = 3;
sysadmin: sh1t! $max_scans_allowed = 2;
worm: sh1t! $max_scans_allowed = 2;
sysadmin: sh1t! $max_scans_allowed = 1;
worm: sh1t! $max_scans_allowed = 1;
sysadmin: sh1t! $max_scans_allowed = 0;
Unplug the internet, no communications allowed.
Although, this may work for a University/College, or business network (to a significant degree at least) where someone can physically go to the computer and check it out, or at least momentarily take it offline and tell it to scan/scan it...
But, I don't see how this would work (such as you mentioned BitTorrent, et al) for the 'public' unless ISPs start DoS-ing their customers, or sending them direct messages...
Suspicious Amount Of Traffic Detected, Disconnect From Internet?
(Cancel) (Allow)
Which would mean more crap running in the background, or another exploitable access point, similar to "Messenger Service" on Windows... Oh great fun.
Yeah, that has worked great so far, hasn't it?
...blocking Bittorrent isn't a bug, it is a feature.
Help poke pirates in the eyepatch, arr.
They could, if I didn't just waste my mod points by commenting in a thread I just modded... crap!
What's wrong with looking at the router lights blinking when the system shouldn't be doing anything and saying "Heeey, that's not right !" ?
Wanna fight ? Bend over, stick your head up your ass, and fight for air.