Friday, June 30, 2006
Stop worms before your antivirus knows about them
Someone's taken an idea that I'd daydreamed about and made a product out of it. Intrinsic Security sells an appliance called the "Firebreak Antiworm" which looks out for software indiscriminately probing your network and gets in its way. As a result it reacts almost instantly, without the wait for an antivirus firm to ship you new definitions.
The way it works, if you're curious, is by watching network addresses that you own but don't use. There's no sane or legitimate reason for any other system on the Internet to try to talk to one of those addresses, but worms often try every possible network address, like telemarketers dialing every phone number in an exchange. Imagine putting a dummy number on your PBX and programming your PBX to block any caller who tries to ring that number. Same idea, only it works better on the Internet because computers don't dial wrong numbers.
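The tripwire logic described above, as an added example in Python (not Intrinsic Security's code and not part of the original post): any source that touches an owned-but-unused address is blocked, and everything it sends afterwards is dropped, even to live hosts. The address ranges, the in-use list, the exempt entry and the packet tuples are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: 192.0.2.0/24 stands in for "addresses you own".
OWNED = ipaddress.ip_network("192.0.2.0/24")
IN_USE = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.25", "192.0.2.80")}
# Assumption: your own inventory scanner must never trip the wire.
EXEMPT = {ipaddress.ip_address("192.0.2.10")}

# Constructed traffic: (source, destination, destination port), in arrival order.
SAMPLE_PACKETS = [
    ("198.51.100.7", "192.0.2.80", 80),    # normal visitor to a live host
    ("203.0.113.66", "192.0.2.1", 1434),   # sweep reaches an unused address
    ("203.0.113.66", "192.0.2.2", 1434),
    ("203.0.113.66", "192.0.2.25", 1434),  # same source now reaches a live host
    ("192.0.2.10", "192.0.2.200", 22),     # exempt scanner touching unused space
    ("198.51.100.7", "192.0.2.25", 25),
    ("198.51.100.9", "10.0.0.5", 80),      # destination is not in our range
]

def is_dark(dst):
    """True when dst is inside the owned range but assigned to nothing."""
    return dst in OWNED and dst not in IN_USE

def run_tripwire(packets, exempt=EXEMPT):
    """Return (verdicts, blocked): one verdict per packet, plus blocked sources."""
    blocked = {}   # source -> the unused address that tripped the block
    verdicts = []
    for src_s, dst_s, _dport in packets:
        src = ipaddress.ip_address(src_s)
        dst = ipaddress.ip_address(dst_s)
        if src in blocked:
            verdicts.append("drop")          # tripped the wire earlier
        elif is_dark(dst) and src not in exempt:
            blocked[src] = dst
            verdicts.append("drop+block")    # first touch of an unused address
        else:
            verdicts.append("pass")
    return verdicts, {str(s): str(d) for s, d in blocked.items()}

if __name__ == "__main__":
    verdicts, blocked = run_tripwire(SAMPLE_PACKETS)
    for pkt, verdict in zip(SAMPLE_PACKETS, verdicts):
        print(f"{verdict:<10} {pkt[0]} -> {pkt[1]}:{pkt[2]}")
    print("blocked sources:", blocked)
```

The block is keyed on the first packet to an unused address, so the sweeping source is cut off before its later packet reaches the live host at 192.0.2.25.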
On the downside, network worms like Slammer seem to be getting less important over time, I haven't tested the unit, and I'm having trouble finding anyone who has. I'd also be happier if I could find a price on their web site.