
List:       dshield
Subject:    [Dshield] Emergency Worm Containment-New Ideas
From:       Mark <markt442 () yahoo ! com>
Date:       2004-09-23 19:38:48
Message-ID: 20040923193848.64677.qmail () web21201 ! mail ! yahoo ! com


<<SNIP>>
I would like to get a topic for brainstorming from the
list.  Please everyone, think emergency situations of
containment of high severity worms in large
environment.  Deployment of patches and AV are a
given.

Propagation techniques are starting to use random
functions when determining the communication or
transport port.  This is not a norm as of yet but if
implemented it will require changes on the response
side of the house in certain situations.

Advancements through this year..... <<END SNIP>>

Enterasys Networks (http://www.enterasys.com)

Released earlier this year its NetSight Automated
Security Manager product. It models your network
(switches, routers, access points) and takes SNMPv3
feeds from your IDS (a syslog model is available).

When it receives a trap, it locates the ingress point
(LAN) and performs an action such as - shutdown the
port - change the port vlan id - or on an Enterasys
policy device it will dynamically filter the traffic
behaviours.

It is locating infected users at one of my client's
networks (40,000 nodes) in less than one minute.

Best of luck.

Mark
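
The trap-to-action flow described in the message above, sketched as an added example that is not part of the original post and is not Enterasys code. The addresses, switch names, port names, severity threshold and quarantine VLAN are all constructed assumptions; the point is that an edge port is acted on only when the source MAC is found on exactly one non-uplink port.

```python
# Constructed sample data: nothing here comes from the post or from any product.
ARP = {"10.1.20.57": "00:11:22:aa:bb:01", "10.1.30.9": "00:11:22:aa:bb:02"}

# Per-switch forwarding database: MAC -> port the MAC was learned on.
FDB = {
    "core-1": {"00:11:22:aa:bb:01": "ge.1.1", "00:11:22:aa:bb:02": "ge.1.2"},
    "edge-20": {"00:11:22:aa:bb:01": "fe.0.14", "00:11:22:aa:bb:02": "ge.0.1"},
    "edge-30": {"00:11:22:aa:bb:02": "fe.0.3", "00:11:22:aa:bb:01": "ge.0.1"},
}
# Inter-switch links: a MAC learned here is transit traffic, not its ingress point.
UPLINKS = {"core-1": {"ge.1.1", "ge.1.2"}, "edge-20": {"ge.0.1"}, "edge-30": {"ge.0.1"}}
POLICY_CAPABLE = {"edge-30"}   # assumption: devices that can filter per port
QUARANTINE_VLAN = 999          # assumption: a pre-provisioned isolation VLAN


def locate_ingress(src_ip):
    """Return (switch, port) of the edge port for src_ip, or None if not unique."""
    mac = ARP.get(src_ip)
    if mac is None:
        return None
    hits = [(sw, port) for sw, table in FDB.items()
            if (port := table.get(mac)) and port not in UPLINKS[sw]]
    # Zero hits (stale tables) or several (spoofed or moved MAC): do not guess.
    return hits[0] if len(hits) == 1 else None


def containment_action(alert):
    """Map one IDS alert to one of the three actions named in the message."""
    where = locate_ingress(alert["src_ip"])
    if where is None:
        return {"action": "escalate", "reason": "ingress port not uniquely located"}
    switch, port = where
    if switch in POLICY_CAPABLE:
        act = {"action": "filter", "match": alert["signature"]}
    elif alert["severity"] >= 8:       # assumed threshold for a hard shutdown
        act = {"action": "shutdown_port"}
    else:
        act = {"action": "set_vlan", "vlan": QUARANTINE_VLAN}
    return {"switch": switch, "port": port, **act}


if __name__ == "__main__":
    print(containment_action(
        {"src_ip": "10.1.20.57", "severity": 9, "signature": "worm-scan"}))
```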


		