Quarantine your infected users spreading malware
jes at nl.demon.net
Thu Mar 2 11:02:37 UTC 2006
On Wed 01 Mar 2006 (16:33 +0000), Christopher L. Morrow wrote:
> On Wed, 1 Mar 2006, JP Velders wrote:
> > > Date: Tue, 28 Feb 2006 18:50:29 +0000 (GMT)
> > > From: Christopher L. Morrow <christopher.morrow at verizonbusiness.com>
> > > To: nanog at merit.edu
> > > Subject: Re: Quarantine your infected users spreading malware
> > > On Tue, 28 Feb 2006, Jim Segrave wrote:
> > > > www.quarantainenet.nl
> > > > It puts them in a protected environment where they can get cleaned up
> > > > on-line without serious risk of re-infection. They can pop their
> > > > e-mail, reply via webmail, but they can't connect to anywhere except a
> > > > list of update sites.
> > > there was little in the way of 'how' in the link above though :(
> > Well, it's very much dependant on your own network.
> > >From what I know (from presentations of the folk behind Qnet, and
> > talks with people actually using it) is that they have a sort of
> > "export" module, which allows you to either output the IP's, or parse
> > them such that you get a crafted DHCP entry, or special MAC address
> > based "alternate VLAN" statement for on a switch etc.
> which is fabulous for those of you with ethernet... without ethernet most
> of these solutions fall on their faces and die the horrid death of an
> enterprise product :( Now, they say: "Works great on carrier networks"...
> my question was "how" and "perhaps with a little less hand-waviness
You could have answered your own questions, for your own network, in
the same amount of time as writing these postings to nanog, by asking
Jim Segrave jes at nl.demon.net
More information about the NANOG