Ben wrote:

I also would like to point out that this worm is, unlike many, not an illustration of the dangers of a software monoculture.

This is an excellent point, and thank you for making it.

Once I got over sheer astonishment that people would allow this sort of vulnerability to persist on Internet-facing systems, I mulled over what the technical community might do to help -- and, for that matter, what business opportunities this presents. One obvious fact is that these people never cultivated the habit of portscanning their outside networks. I considered doing an article, pitched so that any businessman can understand it, explaining how to do that using, say, nmap and snort, both of which can be run straight from a downloadable LNX-BBC (http://www.lnx-bbc.org/) mini-disc. I think I could do that successfully.

But the difficult part would be explaining how to interpret those results. OK, so host foo has active processes listening on TCP ports blah blah: How do you teach them how to determine what that is, and whether they want to continue running it?

I'll bet it wouldn't be difficult to make a dedicated bootable image that portscans a specified network and then reports back, in fairly human-friendly language, what was found. It could even be packaged in an embedded device with a cheap processor.

Rick Moen
rick@linuxmafia.com
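
An added example, not part of the original post: one way the "report back in human-friendly language" step could look, reading nmap's grepable (`-oG`) output from a scan of your own outside network. The `NOTES` table, the `SAMPLE` scan output, and the function names are constructed for illustration.

```python
import re

# Illustrative plain-language notes for a few well-known TCP ports (assumed
# table, not exhaustive; extend it for the services you actually run).
NOTES = {
    22: "remote login (SSH); expected only on hosts you administer remotely",
    23: "Telnet; sends passwords in clear text",
    25: "mail server (SMTP); expected only on your mail gateway",
    80: "web server (HTTP)",
    1433: "Microsoft SQL Server; databases should not face the Internet",
}

# Constructed sample of `nmap -oG` output; addresses are from the
# documentation range 192.0.2.0/24.
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (www.example.com)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 1433/open/tcp//ms-sql-s///\tIgnored State: closed (997)\n"
    "Host: 192.0.2.11 ()\tPorts: 25/filtered/tcp//smtp///, "
    "8081/open/tcp//blackice-icecap///\n"
)

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: ([^\t]*)")

def parse_grepable(text):
    """Return {host: [(port, service_guess), ...]} for open TCP ports only."""
    found = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comments, "Status: Up" lines, hosts with no port list
        addr, name, ports = m.groups()
        for entry in ports.split(","):
            # Fields: port/state/protocol/owner/service/rpcinfo/version/
            f = entry.strip().split("/")
            if len(f) >= 5 and f[1] == "open" and f[2] == "tcp":
                found.setdefault(name or addr, []).append((int(f[0]), f[4]))
    return found

def report(found):
    """Turn parsed results into sentences a non-specialist can act on."""
    lines = []
    for host, ports in sorted(found.items()):
        for port, guess in sorted(ports):
            note = NOTES.get(port, f"unrecognised service (nmap guesses '{guess}')")
            lines.append(f"{host} answers on TCP port {port}: {note}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(parse_grepable(SAMPLE))))
```

Ports nmap reports as filtered or closed are left out, so the report lists only services that actually answered.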