Are there any systems that could be set up to locate clients (say in a LAN) attempting to propagate worm infections, and then pass on an autopatch or something similar to clean it out (using whatever exploits/backdoors the worm opens or got in with).
Alternately, how about something that would deny those machines access to the network, perhaps by having a master password on local routers and commands capable of directing traffic from infected machines (on infection ports at least) to the bit-bucket.
Cisco has a product like that, called CSA. It detects odd machine behavior and shuts only the port. Say a workstation starts to massively send SMTP to anywhere: it will shut the SMTP port, because that's not the expected behavior for this workstation. So even if you're not patched against a virus or a worm, it will prevent it from propagating. It also scans and quarantines any new workstation and won't permit it to reach the rest of the network until it's compliant with the security policy inside the company.
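A toy version of the behaviour-based rule the reply describes (watch each workstation's fan-out on a port and block only that port for that host), written as an added example rather than anything from CSA or this thread; the flow records, thresholds and port list are constructed assumptions:

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float   # seconds since start of capture
    src: str    # source host
    dst: str    # destination host
    dport: int  # destination TCP port


# Hypothetical policy: the most distinct destinations a workstation may
# contact on a port within one window before that port is shut for it.
POLICY = {25: 10, 445: 10}   # SMTP, SMB
WINDOW = 60.0                # seconds

# Constructed sample flows, not real traffic.
SAMPLE_FLOWS = (
    # 10.0.0.5: SMTP to 30 different hosts in 15 s, worm-like fan-out
    [Flow(t * 0.5, "10.0.0.5", f"192.0.2.{t}", 25) for t in range(1, 31)]
    # 10.0.0.7: legitimate mail client, many SMTP flows to its one relay
    + [Flow(t * 2.0, "10.0.0.7", "10.0.0.2", 25) for t in range(40)]
    # 10.0.0.9: web browsing to 30 hosts on port 80 (no policy for 80)
    + [Flow(t * 1.0, "10.0.0.9", f"198.51.100.{t}", 80) for t in range(1, 31)]
)


def detect(flows, policy=POLICY, window=WINDOW):
    """Return {(src, dport): peak distinct destinations} for hosts over policy."""
    recent = defaultdict(deque)     # (src, dport) -> deque of (ts, dst)
    flagged = {}
    for f in sorted(flows, key=lambda f: f.ts):
        if f.dport not in policy:
            continue                # no expectation set for this port
        key = (f.src, f.dport)
        q = recent[key]
        q.append((f.ts, f.dst))
        while q and q[0][0] < f.ts - window:
            q.popleft()             # slide the window forward
        distinct = len({d for _, d in q})
        if distinct > policy[f.dport]:
            flagged[key] = max(distinct, flagged.get(key, 0))
    return flagged


def quarantine_actions(flagged):
    """Turn detections into per-host, per-port blocks; other ports stay open."""
    return sorted((src, port, "block") for (src, port) in flagged)
```

Only the fan-out host on port 25 is flagged; the client talking repeatedly to one relay and the web browser are left alone.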
Server/network-level blocking (Score:2)
Re:Server/network-level blocking (Score:0)
#2. Ditto
Re:Server/network-level blocking (Score:0)