Quarantine your infected users spreading malware

Gadi Evron ge at linuxbox.org
Mon Feb 20 22:57:15 UTC 2006

Scott Weeks wrote:
> ----- Original Message Follows -----
> From: Gadi Evron <ge at linuxbox.org>
>>Many ISP's who do care about issues such as worms,
>>infected users  "spreading the love", etc. simply do not
>>have the man-power to handle  all their infected users'
>>Some who are user/broadband ISP's (not say, tier-1 and
>>tier-2's who  would be against it: "don't be the
>>Internet's Firewall") are blocking  ports such as 139 and
>>445 for a long time now, successfully preventing  many of
>>their users from becoming infected. This is also an
>>excellent  first step for responding to relevant outbreaks
>>and halting their progress.
>>Philosophy aside, it works. It stops infections. Period.
>>Back to the philosophy, there are some other solutions as
>>well. Plus,  should this even be done?
> Oh geez, here we go again...  Search the archives and read
> until you're content.  It's a non-thread.  This horse isn't
> only dead, it's not even a grease spot on the road any more.
>  :-(

I quite agree, which is why I trived to cover the philosophical part 
from both sides. Now, how about some solutions that came about since our 
last discussion that was nothing BUT philosophy?

More information about the NANOG mailing list