Quarantine your infected users spreading malware
Jim Segrave
jes at nl.demon.net
Thu Mar 2 11:02:37 UTC 2006
On Wed 01 Mar 2006 (16:33 +0000), Christopher L. Morrow wrote:
>
>
> On Wed, 1 Mar 2006, JP Velders wrote:
>
> >
> > > Date: Tue, 28 Feb 2006 18:50:29 +0000 (GMT)
> > > From: Christopher L. Morrow <christopher.morrow at verizonbusiness.com>
> > > To: nanog at merit.edu
> > > Subject: Re: Quarantine your infected users spreading malware
> >
> > > On Tue, 28 Feb 2006, Jim Segrave wrote:
> >
> > > > www.quarantainenet.nl
> >
> > > > It puts them in a protected environment where they can get cleaned up
> > > > on-line without serious risk of re-infection. They can pop their
> > > > e-mail, reply via webmail, but they can't connect to anywhere except a
> > > > list of update sites.
> >
> > > there was little in the way of 'how' in the link above though :(
> >
> > Well, it's very much dependant on your own network.
> > >From what I know (from presentations of the folk behind Qnet, and
> > talks with people actually using it) is that they have a sort of
> > "export" module, which allows you to either output the IP's, or parse
> > them such that you get a crafted DHCP entry, or special MAC address
> > based "alternate VLAN" statement for on a switch etc.
>
> which is fabulous for those of you with ethernet... without ethernet most
> of these solutions fall on their faces and die the horrid death of an
> enterprise product :( Now, they say: "Works great on carrier networks"...
> my question was "how" and "perhaps with a little less hand-waviness
> please?"
You could have answered your own questions, for your own network, in
the same amount of time as writing these postings to nanog, by asking
the company.
--
Jim Segrave jes at nl.demon.net
More information about the NANOG
mailing list