nanog mailing list archives
Re: Automatic shutdown of infected network connections
From: "Chris Lewis" <clewis () nortelnetworks com>
Date: Wed, 03 Sep 2003 15:01:06 -0400
Sean Donelan wrote:
How many ISPs disconnect infected computers from the network? Do you leave them connected because they are paying customers, and how else could they download the patch from microsoft?
As an aside:As a corporation (no customers per-se), we disconnect infected computers _completely_ (via remote router/switch control tools). We can do it automatically (via various detectors), but usually do it manually.
This is primarily to maintain service levels with non-infected stuff.Fixing the computer is usually done by support staff. Via CD if it's unsafe to reconnect the machine to the net.
If we get infested bad enough, we block the attack ports subnet-by-subnet as necessary until we've sterilized the subnet.
Current thread:
- Re: Automatic shutdown of infected network connections, (continued)
- Re: Automatic shutdown of infected network connections Matthew S. Hallacy (Sep 03)
- Re: Automatic shutdown of infected network connections Nathan E Norman (Sep 03)
- Re: Automatic shutdown of infected network connections Matthew S. Hallacy (Sep 03)
- Message not available
- Re: Automatic shutdown of infected network connections Nathan E Norman (Sep 03)
- Re: Automatic shutdown of infected network connections Mike Tancsa (Sep 03)
- Re: Automatic shutdown of infected network connections Roland Perry (Sep 03)