nanog mailing list archives
Re: Quarantine your infected users spreading malware
From: Bill Nash <billn () odyssey billn net>
Date: Tue, 28 Feb 2006 14:07:36 -0500 (EST)
The simplest method is to issue a different gateway to a registry of known offenders, forcing their into a restrictive environment that blocks all ports, and uses network translation tricks to redirect all web traffic to a portal.
For cable modems and bridged DSL, you can do this with DHCP, matching their MAC address. PPPOE/DSL or similiar, you match on user name.
Issue RFC1918 space with a gateway to your quarantine network.The rest is NAT/PAT and w3proxy stunts. You could pull it off with something as simple as iptables and squid, after dealing with the DHCP or authentication servers (ala Radius) to issue to the correct credentials.
- billn On Tue, 28 Feb 2006, Christopher L. Morrow wrote:
On Tue, 28 Feb 2006, Jim Segrave wrote:www.quarantainenet.nl It puts them in a protected environment where they can get cleaned up on-line without serious risk of re-infection. They can pop their e-mail, reply via webmail, but they can't connect to anywhere except a list of update sites.there was little in the way of 'how' in the link above though :(
Current thread:
- Re: Quarantine your infected users spreading malware, (continued)
- Re: Quarantine your infected users spreading malware PC (Feb 21)
- Re: Quarantine your infected users spreading malware Larry Smith (Feb 21)
- Re: Quarantine your infected users spreading malware Andy Davidson (Feb 22)
- Re: Quarantine your infected users spreading malware Jason Frisvold (Feb 23)
- Re: Quarantine your infected users spreading malware Jack Bates (Feb 23)
- Re: Quarantine your infected users spreading malware Michael Loftis (Feb 23)
- Re: Quarantine your infected users spreading malware Gadi Evron (Feb 23)
- Re: Quarantine your infected users spreading malware Michael Loftis (Feb 23)
- Re: Quarantine your infected users spreading malware Jim Segrave (Feb 28)
- Re: Quarantine your infected users spreading malware Christopher L. Morrow (Feb 28)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 28)
- Re: Quarantine your infected users spreading malware Christopher L. Morrow (Feb 28)
- Re: Quarantine your infected users spreading malware David Nolan (Feb 28)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 21)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 21)
- Re: Quarantine your infected users spreading malware Jason Frisvold (Feb 21)
- Re: Quarantine your infected users spreading malware Eric Gauthier (Feb 23)
- Re: Quarantine your infected users spreading malware Vicky Røde (Feb 21)
- Re: Quarantine your infected users spreading malware Gadi Evron (Feb 20)
- RE: Quarantine your infected users spreading malware Frank Bulk (Feb 20)