Quarantine your infected users spreading malware

Jason Frisvold xenophage0 at gmail.com
Tue Feb 21 03:05:00 UTC 2006

On 2/20/06, Edward W. Ray <spamjail at mmicman.com> wrote:
> ISPs should not police users, just like auto manufacturers should not police
> drivers.  That is what driver's licenses are for.

So the state polices the drivers..  Should the state police the
internet as well?  And how would that be implemented?  The ISP will
take the brunt of the operational interference anyways as the "police"
have no other way of stopping those drivers.

And when Joe Drivers gets busted and banned, he'll make up a new
identity to use at ISP B.

I tend to agree with Gadi that we, the ISPs, need to do at least some
blocking.  I don't see it happening anytime soon though.  There's
still way too many ops out there who take something like this as a
challenge to their ablility to operate a network when in fact, it's
the users who are the problem.  I'd rather open up everything and
allow a user 100% unfiltered access, but most users don't know what to
do with that and don't take proper precautions.

So, for residential users I think that a reasonable filter should be
applied.  Block stuff like Netbios.  Implement spoofing filters.  Do
whatever you can to "protect" the users without impacting their
ability to use the internet.  For commercial users, offer simple
protection, or make sure they know that they will be help responsible
for virus activity sourcing from them.  Shut down those ports if they
become active.

I also like the idea of putting infected users in a quarantine.  Alert
them via an automated process.  Give them access to updates, but
prevent them from infecting others.  I think this is a more than
reasonable expectation from end-users.  In fact, I'd be more inclined
to use an ISP that has safe-guards like this in place.

It might even be worth it to put together a best practices guide that
lays out the "minimum" requirements for something like this.  (It may
even exist..  If so, I'd be interested in reading it if someone would
be kind enough to provide a link)

> Ed Ray

Go Go Gadget Flame-Retardent Suit!

Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com

More information about the NANOG mailing list