Quarantine your infected users spreading malware

Jason Frisvold xenophage0 at gmail.com
Tue Feb 21 15:42:20 UTC 2006

On 2/21/06, Bill Nash <billn at odyssey.billn.net> wrote:
> If you're talking about a compulsory software solution, why not, as an
> ISP, go back to authenticated activity? Distribute PPPOE clients mated
> with common anti-spyware/anti-viral tools. Pull down and update signatures
> *every time* the user logs in, and again periodically while the user is
> logged in (for those that never log out). Require these safeguards to be
> active before they can pass the smallest traffic.

Cost prohibitive..  In order to do that you'll need licenses from the
AV companies..

> The change in traffic flow would necessitate some architecture kung fu,
> maybe even AOL style, but you'd have the option of selectively picking out
> reported malicious/infected users (*cough* ThreatNet *cough*) and routing
> them through packet inspection frameworks on a case by case basis. Quite
> possibly, you could even automate that and the users would never be the
> wiser.

And then the privacy zealots would be livid..  Silently re-routing
traffic like that..  How dare you suggest such a ... wait..  hrm.. 
The internet basically does this already..  I wonder if the zealots
are aware of that..  :)

> - billn

Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com

More information about the NANOG mailing list