Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Tout New Network Worm Weapon

Posted by samzenpus on from the network-thumper dept.

coondoggie writes "Can Internet worms be thwarted within minutes of their infection? Researchers at Ohio State University believe they can. The key, researchers found, is for software to monitor the number of scans that machines on a network send out. When a machine starts sending out too many scans — a sign that it has been infected — administrators should take it off line and check it for viruses. In a nutshell, the researchers developed a model that calculated the probability that a virus would spread, depending on the maximum number of scans allowed before a machine was taken off line.'The difficulty was figuring out how many scans were too many,' researchers said."

1 of 101 comments (clear)

  1. Re:As a network admin... by Gnavpot · · Score: 4, Informative

    Yeah, thats a fantastic approach, block computers from connecting to each other. Who wants a functional network anyway?

    The GP explained his point in an easily understandable way. I don't know how you failed to understand it. Anyway, here it comes again in slow motion for your benefit:

    In most corporate networks, clients need to connect to servers. They do not need to connect to other clients.

    If you block clients' ability to connect to other clients, no functionality is lost, but infected clients can not attack other clients directly.

    (I know that some companies uses IM internally, but there is nothing forcing IM solutions to be P2P.)