nanog mailing list archives
Re: Quarantine your infected users spreading malware
From: Jim Segrave <jes () nl demon net>
Date: Tue, 28 Feb 2006 10:29:12 +0100
On Thu 23 Feb 2006 (11:18 -0600), Michael Loftis wrote:
--On February 23, 2006 8:02:31 AM -0600 Jack Bates <jbates () brightok net> wrote:We allowed users back online to run Housecall at trendmicro for free so they could get cleaned up and save some money. However, the resuspend rate was so high, we quickly changed to offline cleanup only. It will remain until we perfect our auto defense system. Customers just want things to work. They don't care if they are infected. It's amazing how many customers swear they aren't scanning or sending email, and refuse to understand that their computer is capable of doing things without them knowing.What doesn't help is the ISPs out there who are complete dolts and first don't verify reports and second false alarm. They'll cut a user off on a single complaint without any evidence or verification. Or worse they have some automated system that false alarms without any way to verify you're cleaned up. And if you can't get online you can't get cleaned up anyway. Catch 22.
www.quarantainenet.nl It puts them in a protected environment where they can get cleaned up on-line without serious risk of re-infection. They can pop their e-mail, reply via webmail, but they can't connect to anywhere except a list of update sites. It uses honeypots to avoid false positives. In short, it works. -- Jim Segrave jes () nl demon net
Current thread:
- Re: Quarantine your infected users spreading malware, (continued)
- Re: Quarantine your infected users spreading malware Valdis . Kletnieks (Feb 21)
- Re: Quarantine your infected users spreading malware Jason Frisvold (Feb 21)
- Re: Quarantine your infected users spreading malware PC (Feb 21)
- Re: Quarantine your infected users spreading malware Larry Smith (Feb 21)
- Re: Quarantine your infected users spreading malware Andy Davidson (Feb 22)
- Re: Quarantine your infected users spreading malware Jason Frisvold (Feb 23)
- Re: Quarantine your infected users spreading malware Jack Bates (Feb 23)
- Re: Quarantine your infected users spreading malware Michael Loftis (Feb 23)
- Re: Quarantine your infected users spreading malware Gadi Evron (Feb 23)
- Re: Quarantine your infected users spreading malware Michael Loftis (Feb 23)
- Re: Quarantine your infected users spreading malware Jim Segrave (Feb 28)
- Re: Quarantine your infected users spreading malware Christopher L. Morrow (Feb 28)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 28)
- Re: Quarantine your infected users spreading malware Christopher L. Morrow (Feb 28)
- Re: Quarantine your infected users spreading malware David Nolan (Feb 28)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 21)
- Re: Quarantine your infected users spreading malware Bill Nash (Feb 21)
- Re: Quarantine your infected users spreading malware Jason Frisvold (Feb 21)
- Re: Quarantine your infected users spreading malware Eric Gauthier (Feb 23)
- Re: Quarantine your infected users spreading malware Vicky Røde (Feb 21)