ISP network registration virus scan
Ryan Dobrynski
ryan at viaccess.net
Sat Oct 4 04:01:48 UTC 2003
for most virus type stuff i find an acl on thier nearest interface to
both deny and log thier traffic patterns is helpfull. im not sure how
feasable that would be on a larger network. i've only got about 10k
users so the above is not yet unreasonable.
On Fri, 3 Oct 2003, Sean
Donelan wrote:
> Date: Fri, 3 Oct 2003 20:57:20 -0400 (EDT)
> From: Sean Donelan <sean at donelan.com>
> To: Alex Lambert <alambert at quickfire.org>
> Cc: nanog at merit.edu
> Subject: Re: ISP network registration virus scan
>
>
> On Fri, 3 Oct 2003, Alex Lambert wrote:
> > > The university netreg lists has a frequently asked question if its
> > > possible to perform a virus scan of new computers as part of the network
> > > registration process. So far, people have only been able to do a network
> > > scan (e.g. open ports), or some version of proxy check or nessus.
> >
> > The University of Florida has implemented something like this.
> > Apparently, they have a client-side app that detects malware...and P2P
> > apps. Interesting concept but it's understandably not being received well.
> >
> > http://yro.slashdot.org/yro/03/10/03/1643202.shtml
>
> That's just a normal network traffic flow monitor, it doesn't actually
> check the user's computer.
>
> The issue is how to check the computer is "fixed" after the user claims
> its fixed. Or do you just keep repeating the cycle of user claims the
> computer is fixed, enable the port, computer attacks other stuff, disable
> the port, user claims its fixed, repeat.
>
>
Ryan Dobrynski
Hat-Swapping Gnome
Choice Communications
Like the ski resort of girls looking for husbands and husbands looking
for girls, the situation is not as symmetrical as it might seem.
More information about the NANOG
mailing list