[Discussion] Auto-Sig Creation

Matt Jonkman jonkman at jonkmans.com
Sun Mar 1 15:17:44 UTC 2009


Kevin Ross wrote:

Perhaps the most ambitious of them all. If an attack is seen through
various methods, say a new worm. If it is unknown by the system and
confirmed by an analyst, a signature can be created by the sensor,
perhaps with help from the analyst specifying a few options like what
to match upon and distributed to other systems around the world that
choose to accept such updates. Perhaps submitted and checked first by
some central body to avoid someone submitting fake sigs to the
distributed system, then it can be automatically downloaded by sensors
which allow such updates. During a new fast spreading worm this could
mean sensors can be updated with this information quickly with little
intervention from the "clients" in the distributed system such as homes
and businesses.
-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




