nanog mailing list archives
Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
From: Jeroen Massar <jeroen () unfix org>
Date: Sun, 17 Jun 2007 15:15:17 +0100
Frank Bulk wrote:
The Billy Goat product only seems to detect and notify nefarious activity, but it does nothing for the owned clients. I want something that restricts my owned subscribers to downloading updates and tools while preventing them from spewing forth more spam and the like.
A Billy Goat will nicely quarantine the host that is infected, that is the whole goal of the system. What access is still allowed when the host is in that quarantine is of course a matter of policy. Allowing them to access things like Windows Update and providing at least a good virusscanner + SpyBot Search&Destroy etc is most likely a good thing to do for these situations. IMHO ISPs should per default simply feed port 25 outbound through their own SMTP relays. BUT always have a very easy way (eg a Control Panel behind a user/pass on a website) to disable this kind of filtering. This is what XS4all does and it seems to have a lot of effect but still allows anybody who doesn't 'want' this protection to use the Internet the way they want it, and not the way that is prescribed before them. Of course, when they disable the filter it becomes very easy when something does go wrong to laugh at them and not allow them to turn the filter off unless they pay a fine or something similar ;) For that matter, why don't ISPs start doing that: Introduce a fine. When somebody gets infected, and thus doesn't take good care of his/her/it's computer fine them. Let them pay say $25 to get fully back on the Internet and only allow a very slow rate of traffic in the mean time. Of course, the argument most likely goes then that they will swap ISPs, but they will quickly run out of those and of course ISPs don't want to lose clients over it, as the ignorant are the ones that provide the simple cash.
Mirage Networks is the closest to it, from my limited knowledge.
As mentioned, there are most very likely different products in this area which can resolve your problem. Also one can always run your own(tm). Greets, Jeroen
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: FBI tells the public to call their ISP for help, (continued)
- Re: FBI tells the public to call their ISP for help Florian Weimer (Jun 16)
- Re: FBI tells the public to call their ISP for help John Levine (Jun 14)
- Re: FBI tells the public to call their ISP for help Chris Adams (Jun 14)
- Re: FBI tells the public to call their ISP for help Patrick W. Gilmore (Jun 14)
- Re: FBI tells the public to call their ISP for help Jeroen Massar (Jun 14)
- Re: FBI tells the public to call their ISP for help Sean Donelan (Jun 14)
- Re: FBI tells the public to call their ISP for help Roland Dobbins (Jun 14)
- RE: FBI tells the public to call their ISP for help Frank Bulk (Jun 16)
- Re: FBI tells the public to call their ISP for help Jeroen Massar (Jun 16)
- RE: FBI tells the public to call their ISP for help Frank Bulk (Jun 16)
- Quarantining infected hosts (Was: FBI tells the public to call their ISP for help) Jeroen Massar (Jun 17)
- Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help) Sean Donelan (Jun 17)
- RE: Assigning a fine (Was: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)) Frank Bulk (Jun 18)
- Re: Assigning a fine (Was: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)) Leigh Porter (Jun 18)
- Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help) Suresh Ramasubramanian (Jun 18)
- Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help) Jeroen Massar (Jun 18)
- Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help) Suresh Ramasubramanian (Jun 18)
- Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help) Sean Donelan (Jun 18)
- Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help) Suresh Ramasubramanian (Jun 18)
- Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help) Sean Donelan (Jun 18)
- Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help) Suresh Ramasubramanian (Jun 18)