nanog mailing list archives

Re: Automatic shutdown of infected network connections


From: Jonathan Crockett <jcrockett () midco net>
Date: Tue, 2 Sep 2003 09:59:51 -0500


On Fri, Aug 29, 2003 at 09:44:11PM -0400, Sean Donelan wrote:

Some universities such as Vanderbilt University are automatically
shutting down network ports when they detect signature worm traffic.
Almost 25% of the students' computers were detected as infected when they
connected to the university network.

http://www.vanderbilthustler.com/vnews/display.v/ART/2003/08/29/3f4eb4b3537e0


How many ISPs disconnect infected computers from the network?  Do you
leave them connected because they are paying customers, and how else
could they download the patch from Microsoft?

I work for a cable modem provider.  What we came up with is a modem config
that allows http, pop, and smtp while cutting the allowed bandwidth to 56k
upstream and 56k downstream.  This way they can still get the needed updates,
but are not able to blast our network.  A secondary effect is that customers
will call in and complain about slow speeds, then our techs can tell them why
they are slow and inform them how to fix the problem.

-- 
Jonathan Crockett
Network Engineer
Midcontinent Communications

