nanog mailing list archives
Re: Quarantine your infected users spreading malware
From: Vicky Røde <vickyr () socal rr com>
Date: Tue, 21 Feb 2006 13:50:14 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bill Nash wrote:
On Tue, 21 Feb 2006, Michael.Dillon () btradianz com wrote:Why not just bypass them and go direct to the unwashed masses of end users? Offer them a free windows infection blocker program that imposes the quarantine itself locally on the user's machine. This programOffering them free software won't work to the levels you want. At first, you'll get a response, because consumers always jump at free shiny things, until something happens that makes them not like it anymore, and then they'll dig in and never use it again. If you want to get this kind of filtering into your core, you have a need to get this to a compulsory level for access. I don't think there's any disagreement as to the roots of this problem: - Modern users are generally clueless. - Most don't have firewalls or even the most basic of protections. - Getting tools deployed where they need to be most is the hardest. With that said.. If you're talking about a compulsory software solution, why not, as an ISP, go back to authenticated activity? Distribute PPPOE clients mated with common anti-spyware/anti-viral tools. Pull down and update signatures *every time* the user logs in, and again periodically while the user is logged in (for those that never log out). Require these safeguards to be active before they can pass the smallest traffic. The change in traffic flow would necessitate some architecture kung fu, maybe even AOL style, but you'd have the option of selectively picking out reported malicious/infected users (*cough* ThreatNet *cough*) and routing them through packet inspection frameworks on a case by case basis. Quite possibly, you could even automate that and the users would never be the wiser.
- ----------------- - From my past discussion at nanog sessions, it appears this sink-hole like process has been extremely helpful for AOL. Maybe Vijay from AOL could chime in and enlighten us or folks could look at the archives. regards, /virendra
- billn
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFD+4sWpbZvCIJx1bcRAq2oAJ4z9xmrBYwppdTpYTtLkNow+N17ZQCeJsnE xr6y99lCbEAnO60SUEtv9Xk= =av1X -----END PGP SIGNATURE-----
Current thread:
- Re: Quarantine your infected users spreading malware, (continued)
- Re: Quarantine your infected users spreading malware Michael Loftis (Feb 23)
- Re: Quarantine your infected users spreading malware Jim Segrave (Feb 28)
- Re: Quarantine your infected users spreading malware Christopher L. Morrow (Feb 28)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 28)
- Re: Quarantine your infected users spreading malware Christopher L. Morrow (Feb 28)
- Re: Quarantine your infected users spreading malware David Nolan (Feb 28)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 21)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 21)
- Re: Quarantine your infected users spreading malware Jason Frisvold (Feb 21)
- Re: Quarantine your infected users spreading malware Eric Gauthier (Feb 23)
- Re: Quarantine your infected users spreading malware Vicky Røde (Feb 21)
- Re: Quarantine your infected users spreading malware Gadi Evron (Feb 20)
- RE: Quarantine your infected users spreading malware Frank Bulk (Feb 20)
- Re: Quarantine your infected users spreading malware Gadi Evron (Feb 20)
- Re: Quarantine your infected users spreading malware James (Feb 21)
- Re: Quarantine your infected users spreading malware Gadi Evron (Feb 20)
- RE: Quarantine your infected users spreading malware Edward W. Ray (Feb 20)