Security IBM

IBM's Billy Goat Squashes Worms

fr0z writes "InformationWeek is running a story on "Billy Goat", a novel worm-squashing software developed by researchers in Zurich, Switzerland. IBM says it wants to turn Billy Goat into a product to help guard against computer-network attacks such as those that slowed Internet traffic earlier this month."

  • by farnz ( 625056 ) <slashdot&farnz,org,uk> on Monday September 01, 2003 @09:15AM (#6844016) Homepage Journal
    Something like Blaster scans the network for vulnerable machines; some of these IPs are unassigned. Billy Goat detects the attempts to access unassigned IPs, and alerts admins/firewalls your box off/generally makes noise.

    The result is that something like Blaster gets caught before your whole network is infested; Billy Goat ignores a slashdotting, since all the traffic goes to assigned IPs.

  • Re:issues with this (Score:3, Informative)

    by mOoZik ( 698544 ) on Monday September 01, 2003 @09:21AM (#6844043) Homepage
    Actually, some of the worst worms have used random IPs. The worms you mentioned only use the emails from the address books, as there is no way to get IP information from it. Therefore monitoring which IPs are fake will provide a method of early warning. Though that's all it'll do.
  • Re:Billy Goat (Score:2, Informative)

    by Anonymous Coward on Monday September 01, 2003 @09:43AM (#6844132)
    Actually, it's probably more likely they are referencing the folk tale of the Three Billy Goats Gruff [pitt.edu].
  • LaBrea (Score:5, Informative)

    by MoogMan ( 442253 ) on Monday September 01, 2003 @09:58AM (#6844198)
    LaBrea - the "Sticky Tarpit". Seems like the same concept, and has a working, free implementation at http://labrea.sourceforge.net/
  • Re:issues with this (Score:2, Informative)

    by tesmako ( 602075 ) on Monday September 01, 2003 @10:47AM (#6844404) Homepage
    Repeat after me: Sobig is *NOT* a worm, it requires the user to execute the attachment. It relies on somewhat crude social engineering, absolutely not a self-replicating worm.
  • by King_TJ ( 85913 ) on Monday September 01, 2003 @12:25PM (#6844899) Journal
    I'd really be interested to see how many of these recent worm infections happened on company systems, as opposed to people's home computers.

    I agree that a big problem is educating the average home user to apply update patches as they become available, but this isn't usually an option at the corporate level.

    I've seen corporate environments where even the I.T. staff in charge of the desktop systems has to fight and fight to get the approval to apply a security patch. (The team lead or I.T. manager may scratch the plan, arguing they haven't had sufficient time to make sure the patch doesn't break a "mission critical" application they run, or they may decide the patch can wait until another update is rolled out, so they can get 2 birds killed with one stone.) Letting the end users apply their own patches isn't typically allowed on corporate machines.

  • by Anonymous Coward on Monday September 01, 2003 @02:41PM (#6845462)
    NetScreen's IDP product had this technology almost 2 years ago - we called it a 'Network Honeypot'. All it does is respond to IPs that don't exist (or that do, but on ports the machine is not listening on) and then perform rules against that IP. The rules can be as simple as 'log' to as aggressive as 'block the subnet of this IP for x hours', or anywhere in between.

    But we didn't get press coverage, because:

    a) We're not IBM
    b) We don't come up with cool codenames
    c) This is so obvious it doesn't deserve coverage.

    -AC
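
The detection idea discussed in this thread (flag sources that touch unassigned addresses, then apply a rule such as 'log' or 'block'), sketched as an added example that is not from any commenter, IBM, or NetScreen. The prefix, the assigned-host list, the "src dst dport" log format, the sample lines, and the threshold of three distinct dark addresses are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: monitored prefix, hosts that actually exist in it,
# and connection attempts as "src dst dport" lines (hypothetical log format).
MONITORED = ipaddress.ip_network("10.0.0.0/24")
ASSIGNED = {ipaddress.ip_address(a) for a in ("10.0.0.10", "10.0.0.20", "10.0.0.80")}
SAMPLE_LOG = """\
10.0.0.20 10.0.0.33 135
10.0.0.20 10.0.0.34 135
10.0.0.20 10.0.0.35 135
10.0.0.20 10.0.0.10 135
198.51.100.7 10.0.0.80 80
198.51.100.8 10.0.0.80 80
198.51.100.9 10.0.0.80 80
10.0.0.10 10.0.0.99 445
not a log line
"""

def dark_hits(log_text):
    """Map each source to the set of (unassigned dst, port) pairs it touched."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue  # skip lines with unparsable addresses or ports
        # Only traffic to an address inside our prefix that no host owns counts,
        # so heavy load on an assigned server (10.0.0.80 here) is ignored.
        if dst in MONITORED and dst not in ASSIGNED:
            hits[str(src)].add((str(dst), port))
    return hits

def decide(log_text, block_threshold=3):
    """Return {source: 'log' | 'block'} from distinct dark addresses probed."""
    verdicts = {}
    for src, probes in dark_hits(log_text).items():
        distinct_dsts = {dst for dst, _ in probes}
        verdicts[src] = "block" if len(distinct_dsts) >= block_threshold else "log"
    return verdicts

if __name__ == "__main__":
    for src, action in sorted(decide(SAMPLE_LOG).items()):
        print(src, action)
```

A single stray connection to a dark address only earns 'log'; the threshold keeps one typo or stale DNS entry from blocking a host.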
