and here are some answers [was: Quarantine your infected users spreading malware]
Gadi Evron
ge at linuxbox.org
Tue Feb 21 05:01:57 UTC 2006
Sean Donelan wrote:
> On Tue, 21 Feb 2006, Christopher L. Morrow wrote:
>
>>it's also not just a 'i got infected over the net' problem... where is
>>that sean when you need his nifty stats :) Something about no matter what
>>you filter grandpa-jones will find a way to click on the nekkid jiffs of
>>Anna Kournikova again :(
>
>
> Give me (or CAIDA) permission to peek inside your networks and I'm sure
> there are lots of nifty stats we could anonymize :)
>
> The big mystery for me has always been the computers that are infected
> BEFORE they are connected to the network for the first time (according
> to their owners). It's never repeatable, and never provable, but the
> computer owner swears it happened. In any case, the home computer is
> owned by the home user, not the ISP or an employer or a media company. If
> you make something attractive enough to the user, he will find a way to
> get it on his computer no matter how many roadblocks you try to put in
> the way.
>
> An ISP blocking one virus or worm doesn't change the end result. Time
> after time I've watched, the computers eventually get infected anyway.
> Although it may appear to take longer or your NIDS may not pick up the
> final signature. Look at Adlex, Motive, Arbor, ISS, Microsoft and other
> vendors for ideas I've used over several years and they are now selling.
>
> On the other hand, the number of infected computers never seems to spiral
> out of control. I've been wondering, instead of trying to figure out why
> some computers get infected, should we be trying to figure out why most
> computers don't become infected?
Comment only on last paragraph:
Many *home* computers do, quite a few *corporate* do as well, in my
experience.
Even if they didn't, the numbers we face are significant enough.
--
http://blogs.securiteam.com/
"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.