nanog mailing list archives
Re: FBI tells the public to call their ISP for help
From: Sean Donelan <sean () donelan com>
Date: Thu, 14 Jun 2007 10:32:16 -0400 (EDT)
On Thu, 14 Jun 2007, Jack Bates wrote:
May I recommend developing an in-house method for allowing the customer access only to your servers (web, dns, proxy, etc), and then apply filters for everything else except for tcp/80. If you wanted to be additionally paranoid, you could even allow only established tcp/80 connections back to the customer. Once updated, customer could establish contact to have filters removed, or an automated web process could be created. It's a ton of work, and there are any number of ways to do it. A lot depends on your network. It can be done, though.
I went down that road several times, and there are many issues with what you have described which won't work for how Microsoft distributes its updates and patches; and with the user. Microsoft has enabled Windows with enough features, users can infect their machine with only TCP/80.
Please review the archives for details from several years ago, and at some point you will end up needing to violate the written Microsoft licenses.
It's not a technical problem (although engineers seem to like to think everything is), it's a legal issue with Microsoft's lawyer and licenses.