nanog mailing list archives

Re: Automatic shutdown of infected network connections

From: "Chris Lewis" <clewis () nortelnetworks com>
Date: Wed, 03 Sep 2003 15:01:06 -0400


Sean Donelan wrote:

How many ISPs disconnect infected computers from the network?  Do you
leave them connected because they are paying customers, and how else
could they download the patch from microsoft?


As an aside:

As a corporation (no customers per-se), we disconnect infected computers_completely_ (via remote router/switch control tools). We can do itautomatically (via various detectors), but usually do it manually.


This is primarily to maintain service levels with non-infected stuff.

Fixing the computer is usually done by support staff. Via CD if it'sunsafe to reconnect the machine to the net.

If we get infested bad enough, we block the attack portssubnet-by-subnet as necessary until we've sterilized the subnet.

Current thread:

Re: Automatic shutdown of infected network connections, (continued)
- - - Re: Automatic shutdown of infected network connections Matthew S. Hallacy (Sep 03)
    - Re: Automatic shutdown of infected network connections Nathan E Norman (Sep 03)
    - Re: Automatic shutdown of infected network connections Matthew S. Hallacy (Sep 03)
    - Message not available
    - Re: Automatic shutdown of infected network connections Nathan E Norman (Sep 03)
  - Re: Automatic shutdown of infected network connections Omachonu Ogali (Sep 03)
    - Re: Automatic shutdown of infected network connections Mike Tancsa (Sep 03)
    - Re: Automatic shutdown of infected network connections Roland Perry (Sep 03)
    - Message not available
    - Re: Automatic shutdown of infected network connections Omachonu Ogali (Sep 03)
    - Re: Automatic shutdown of infected network connections Mike Tancsa (Sep 03)
    - Re: Automatic shutdown of infected network connections Chris Horry (Sep 03)
- Re: Automatic shutdown of infected network connections Chris Lewis (Sep 03)