Full Disclosure mailing list archives
Re: Quarantine your infected users spreading malware
From: Bob Beck <beck () bofh cns ualberta ca>
Date: Wed, 22 Feb 2006 08:13:24 -0700
As many of us know, handling such users on tech support is not very cost-effective to ISPs, as if a user makes a call the ISP already loses money on that user. Then again, paying abuse desk personnel just so that they can disconnect your users is losing money too. Which one would you prefer?
from home:

    # Training wheels for windows boxes. Stomp anything other than
    # web ftp and ssh. If they need more they should run something else.
    block in log on { $int_if, $wi_if } proto tcp from any os Windows to any
    pass in on { $int_if, $wi_if } proto tcp from any os Windows to any port { 80, 443, 22, 21 } keep state

Tricks like max states and an overflow table help too. But worrying about 139 and 445 is just hole du jour. Worrying only about windows is OS du jour.

The real problem is not Aunty Jane. It's twofold:

1) Aunty Jane is naive and easily socially engineered
2) Aunty Jane is running crap that can either be directly compromised, or that makes it easier to do 1) above.

Packet filtering customers by default will make no difference as more and more bad software comes out that simply embeds itself in web protocols and the like that you simply can't block arbitrarily and stay in business. Wait for the first good VOIP propagating worm (humming "woo hooo woo hoo hooo....)

-Bob

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
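
The post mentions "max states and an overflow table" without showing them. The pf.conf fragment below is an added example, not part of the original message, of one way to read that remark using pf's per-source state limits and overload tables. The interface names, the limits and the table name `<overflow>` are assumptions.

```pf
# Added example, not from the original post. Interface names, limits and
# the table name are assumptions; tune them for the network in question.
int_if = "em1"      # assumed wired customer-facing interface
wi_if  = "ath0"     # assumed wireless interface

# Hosts that exceed the limits below are added here by pf itself.
table <overflow> persist

# Anything already in the overflow table is dropped and logged first.
block in log quick on { $int_if, $wi_if } from <overflow> to any

# The post's policy: Windows-fingerprinted hosts get web, ftp and ssh only.
# Passive OS fingerprinting looks at the TCP SYN only and is a heuristic,
# so it is a convenience here, not a security boundary.
block in log on { $int_if, $wi_if } proto tcp from any os Windows to any

# The post's pass rule, with per-source state tracking added:
#   max-src-conn       concurrent established TCP connections per source
#   max-src-conn-rate  new connections per source (count/seconds)
#   overload ... flush global
#                      add the source to <overflow> and kill its states
pass in on { $int_if, $wi_if } proto tcp from any os Windows \
    to any port { 80, 443, 22, 21 } keep state \
    (max-src-conn 100, max-src-conn-rate 30/10, \
     overload <overflow> flush global)
```

Entries stay in the table until removed; `pfctl -t overflow -T show` lists the sources pf has quarantined.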