nanog mailing list archives

Re: [Re: Have worm? University upgrades network]


From: joshua sahala <joshua.ej.smith () usa net>
Date: Mon, 01 Dec 2003 08:21:22 -0500


Sean Donelan <sean () donelan com> wrote:

Do people find "self-certification" by end-users actually fixes 
anything?

depends on how badly they want to get back on that interweb-thing...and
how clueful they are (or can be made to be).  if the penalties for not
being clean are steep enough (no interweb privileges for a semester),
then i think they will do it right.

Or do users keep on clicking on the "Yes, I'm Clean" button?

In the meantime, you still have to carry the traffic from the infected
computer if only on your quarantine "network." Usually the quarantine 
LAN is some type of virtual network, so the underlying bandwidth is
still consumed by the traffic. It's amazing what happens to a 
registration server when an infected computer tries to register tens of
thousands of times a minute.  Redirecting the user traffic to a 
quarantine server results in that server getting walloped.


i would hope that you are filtering and rate-limiting upstream traffic,
and that you have built the server with sufficient horsepower and
self-preservation hooks that it would survive.  ftp or http don't require
too much upstream, and you probably don't need to allow much else from 
the users' computers

/joshua


"Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence."
     - Stephen Hawking -


