Good Network Worms Made Simple

grabbag writes "Dave Aitel is pitching new technology to create "nematodes," or beneficial network worms for use in large businesses. The idea is to set up a new language and structure to create "strictly controlled" good worms on the fly. A research-type demo was given as the Hack in the Box conference where Aitel talked about a world where "strictly controlled" nematodes are used by ISPs, government organizations and large companies to show significant cost savings."

Re:distributed processing

[Koushiro]

RTFS. This proposal is intended for use within large businesses: the idea is to automate and improve maintenance of their internal network, not something they'd just unleash on the Internet.

Intelligent managed networks?

[jeffs72]

It would be cool if you could have these worms each perform certain functions (one to better manage spanning-tree for instance, so when a link fails spanning tree rebuilds faster for example) with some sort of AI, or really even a really good base line vs current activity comparison machine, to intelligently manage WANs and LANs.

Be nice to have worms that watch for machines all the sudden opening ports that they never have before, all the sudden opening up multicast or what not, or even finding that bad machine sending out bad frames on the network.

I can see a lot of flexibility with this, particularly if they are written in some sort of open source scripting language. I guess what I'm getting at is that they could be sort of like an open source distributed IDS/IDP system.

Granted you can do all these things now with a mix of expensive monitoring tools and a lot of config work with tools like ethereal and mrtg and big brother/big sister, etc. But this might be an easier way to do the same thing.

neato

Produce?

[mlibby]

The worm IS the Spice... the Spice IS the worm

and here is a link

[mustafap]

http://catless.ncl.ac.uk/Risks/16.28.html#subj3 [ncl.ac.uk]

Re:distributed processing

[halcyon1234]

Distributed processing capabilities and distributed network monitoring capabilities would be great

Correct me if I'm wrong, but isn't this the very thing that lead to the creation of the first worm? Some computer guys at Xerox PARC were looking for a way to distribute code/updates across a network, created a self-replicating program, then dubbed it "worm" after a John Brunner novel?

So, not only is this not new... this is just what a worm was supposed to do in the fisrt place.

Re:distributed processing

['nother poster]

Well, whether I patch or not, who knows and/or cares? My point is that if I gey MY system the way I want it then no one has a right to mess with it. Black hat or white hat it doesn't matter. It's not their system. They have laws that include prison time and/or fines for the black hats. Will the fact that the white hats didn't MEAN to do something bad give them immunity? What about patches that break things? Automatically updating/upgrading a box can make for wonderful evenings of reinstalls/rebuilds. My time is valuable.

Re:distributed processing

[Egregius]

Uhm...no.

The first worms were thought experiments on breaching computer security put into practice by Fred Cohen. You're confused with 'Animal' though. Scroll down to 2 thirds [com.com] for a bit of backstory on that.