Quarantine your infected users spreading malware

Vicky Røde vickyr at socal.rr.com
Tue Feb 21 21:50:14 UTC 2006

Bill Nash wrote:
> On Tue, 21 Feb 2006, Michael.Dillon at btradianz.com wrote:
>>Why not just bypass them and go direct to the unwashed
>>masses of end users? Offer them a free windows
>>infection blocker program that imposes the quarantine
>>itself locally on the user's machine. This program
> Offering them free software won't work to the levels you want. At first, 
> you'll get a response, because consumers always jump at free shiny things, 
> until something happens that makes them not like it anymore, and then 
> they'll dig in and never use it again. If you want to get this kind of 
> filtering into your core, you have a need to get this to a compulsory 
> level for access.
> I don't think there's any disagreement as to the roots of this problem:
> - Modern users are generally clueless.
> - Most don't have firewalls or even the most basic of protections.
> - Getting tools deployed where they need to be most is the hardest.
> With that said..
> If you're talking about a compulsory software solution, why not, as an 
> ISP, go back to authenticated activity? Distribute PPPOE clients mated 
> with common anti-spyware/anti-viral tools. Pull down and update signatures 
> *every time* the user logs in, and again periodically while the user is 
> logged in (for those that never log out). Require these safeguards to be 
> active before they can pass the smallest traffic.
> The change in traffic flow would necessitate some architecture kung fu, 
> maybe even AOL style, but you'd have the option of selectively picking out 
> reported malicious/infected users (*cough* ThreatNet *cough*) and routing 
> them through packet inspection frameworks on a case by case basis. Quite 
> possibly, you could even automate that and the users would never be the 
> wiser.
-----------------
From my past discussion at NANOG sessions, it appears this sink-hole
like process has been extremely helpful for AOL.

Maybe Vijay from AOL could chime in and enlighten us or folks could look
at the archives.


> - billn