The worst abuse e-mail ever, sverige.net

Jeff Wheeler jwheeler at usip.org
Wed Sep 22 00:01:55 UTC 2004


I'll admit to not knowing too much about this project, but what you are  
describing sounds similar in part to the Network Admission Control that  
Cisco is pushing - an automated way of ensuring user machines are  
protected before being admitted on to the network.

Here is a link to their site on the subject:
http://www.cisco.com/en/US/netsol/ns466/networking_solutions_white_paper0900aecd800fdd66.shtml

- Jeff


On Sep 21, 2004, at 6:00 PM, james edwards wrote:

>
>
>> The port 25 blocking seemed like a real good idea.
>>
>> -M
>
>
> I disagree. Port blocking does not change user behavior & it is user
> behavior that is causing this problem.
> Blocking just hides it. I used to believe in port blocking as the solution
> to many user problems but now I have 3 and 4 page ACLs
> on my border routers.  This does not scale. Yes, I could push this out via
> RADIUS to the NAS but again this does not solve the problem.
> I feel blocking just pushes us closer to ports losing their uniqueness, as
> we have seen with PTP filesharing.
>
> The solution I am working toward is quickly identifying user infections. We
> are almost there. I collect and record
> all traffic from the users going to dark space and am almost finished with
> the system that will identify who held that
> IP at a specific time. It is all in SQL so that is easy. We already have a
> system in place where users, after multiple virus problems,
> must obtain protection software prior to being re-enabled. Ramping up the
> amount of proof we have at hand will allow us to enforce
> our existing AUP.
>
> The key to changing a behavior is to create consequences to this behavior. I
> have noticed we never have problems getting
> a user to get virus/firewall software after they pay to have their box
> disinfected. Hit the users first with e-mails, then phone contact,
> ending with being shut off should create the consequences needed to change
> their behavior.
>
> james
>
>
>
>
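
Added example, not part of the original thread and not the system described in the quoted message: a sketch of the correlation it outlines, joining recorded dark-space traffic against address-assignment sessions to find who held a source IP at the time of each hit. The table names, column names, threshold and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample data; schema and values are assumptions for this example.
SESSIONS = [  # (username, ip, start_ts, stop_ts); stop_ts None = still online
    ("alice", "10.0.0.5", 1000, 2000),
    ("bob",   "10.0.0.5", 2100, None),    # same IP, reassigned later
    ("carol", "10.0.0.9", 1500, 1800),
]
HITS = [  # (ts, src_ip, dst_ip, dst_port): user traffic seen going to dark space
    (1200, "10.0.0.5", "192.0.2.10", 445),
    (1300, "10.0.0.5", "192.0.2.11", 445),
    (1400, "10.0.0.5", "192.0.2.12", 445),
    (2500, "10.0.0.5", "192.0.2.13", 25),
    (1900, "10.0.0.9", "192.0.2.14", 135),  # after carol's session ended
]
# A hit belongs to the session that held the source IP at that timestamp.
MATCH = """s.ip = h.src_ip AND h.ts >= s.start_ts
           AND (s.stop_ts IS NULL OR h.ts <= s.stop_ts)"""
# Per-user evidence: hit count, distinct dark destinations, first/last seen.
QUERY = f"""
SELECT s.username, COUNT(*) AS hits, COUNT(DISTINCT h.dst_ip) AS targets,
       MIN(h.ts) AS first_seen, MAX(h.ts) AS last_seen
FROM hits h JOIN sessions s ON {MATCH}
GROUP BY s.username
HAVING COUNT(DISTINCT h.dst_ip) >= ?
ORDER BY hits DESC"""
# Hits no session explains: gaps in accounting data, clock skew or spoofing.
UNATTRIBUTED = f"""
SELECT h.ts, h.src_ip FROM hits h
WHERE NOT EXISTS (SELECT 1 FROM sessions s WHERE {MATCH})"""

def load():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (username TEXT, ip TEXT, start_ts INT, stop_ts INT)")
    db.execute("CREATE TABLE hits (ts INT, src_ip TEXT, dst_ip TEXT, dst_port INT)")
    db.executemany("INSERT INTO sessions VALUES (?,?,?,?)", SESSIONS)
    db.executemany("INSERT INTO hits VALUES (?,?,?,?)", HITS)
    return db

def suspects(db, min_targets=1):
    """Users whose sessions covered at least min_targets distinct dark-space hits."""
    return db.execute(QUERY, (min_targets,)).fetchall()

def unattributed(db):
    """Dark-space hits that fall outside every recorded session."""
    return db.execute(UNATTRIBUTED).fetchall()

if __name__ == "__main__":
    db = load()
    print(suspects(db, 3), unattributed(db))
```

Matching on the time window as well as the address is what keeps a reassigned dynamic IP from pinning one user's traffic on the next holder of that address.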



