Quarantine your infected users spreading malware
vickyr at socal.rr.com
Tue Feb 21 21:50:14 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Bill Nash wrote:
> On Tue, 21 Feb 2006, Michael.Dillon at btradianz.com wrote:
>>Why not just bypass them and go direct to the unwashed
>>masses of end users? Offer them a free windows
>>infection blocker program that imposes the quarantine
>>itself locally on the user's machine. This program
> Offering them free software won't work to the levels you want. At first,
> you'll get a response, because consumers always jump at free shiny things,
> until something happens that makes them not like it anymore, and then
> they'll dig in and never use it again. If you want to get this kind of
> filtering into your core, you have a need to get this to a compulsory
> level for access.
> I don't think there's any disagreement as to the roots of this problem:
> - Modern users are generally clueless.
> - Most don't have firewalls or even the most basic of protections.
> - Getting tools deployed where they need to be most is the hardest.
> With that said..
> If you're talking about a compulsory software solution, why not, as an
> ISP, go back to authenticated activity? Distribute PPPOE clients mated
> with common anti-spyware/anti-viral tools. Pull down and update signatures
> *every time* the user logs in, and again periodically while the user is
> logged in (for those that never log out). Require these safeguards to be
> active before they can pass the smallest traffic.
> The change in traffic flow would necessitate some architecture kung fu,
> maybe even AOL style, but you'd have the option of selectively picking out
> reported malicious/infected users (*cough* ThreatNet *cough*) and routing
> them through packet inspection frameworks on a case by case basis. Quite
> possibly, you could even automate that and the users would never be the
- From my past discussion at nanog sessions, it appears this sink-hole
like process has been extremely helpful for AOL.
Maybe Vijay from AOL could chime in and enlighten us or folks could look
at the archives.
> - billn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the NANOG