SecurityFocus 2006-01-27
Story continued from Page 1
Aitel's idea is a new twist on an old concept. An author using the name MidNyte wrote a response to Bontchev's paper in 1999 arguing that a 'good' virus that kept information on the last 100 hosts to which it spread could help defend against bad viruses.
Aitel also argues that, in today's complex networks, nematodes could significantly reduce the cost of scanning a large network by bringing peer-to-peer concepts to penetration testing and network scanning. Rather than buying a new sensor for each subnet in a company, a nematode could spread along existing pathways to enumerate any computers with a given set of vulnerabilities. The same technology could be used to move search agents across a network to find specific files, or to push intelligence to every desktop without installing a dedicated client.
On the other hand, the dangers inherent in self-propagating code are hard to overcome, said Jose Nazario, senior security and software engineer for network defense firm Arbor Networks.
"I still have my doubts that the controls he described are effective enough," Nazario said. "He addressed how you shut the nematodes down and how you make sure they don't infect other networks. But he hasn't addressed how you address machine instability and how you address the danger when people carry laptops across network boundaries."
Nazario, the author of Defense and Detection Strategies Against Internet Worms, believes that the best way to find vulnerabilities on a large network is to use dedicated sensors, an approach used by Arbor Networks.
"There are a number of ways of finding those vulnerabilities in the network without the inherent risks involved in self-propagating code," he said.