Quarantine your infected users spreading malware

Jim Segrave jes at nl.demon.net
Thu Mar 2 11:04:27 UTC 2006

On Wed 01 Mar 2006 (11:42 -0600), Jack Bates wrote:
> Christopher L. Morrow wrote:
> <snip>
> >agreed, punting this problem to the helpdesk makes the helpdesk manager
> >grab his gun(s) and find the security wonk that put a hurtin' on his
> >numbers :) Also, it costs lots of money, which isn't generally a good
> >plan.
> Do you find that web redirection actually stems the flow of calls to the 
> helpdesk? We find that anything out of the normal usually results in a 
> customer calling the helpdesk just because they weren't expecting it. We 
> found this to be true of email notifications as well. The other issue 
> is, of course, differing what we are doing with those thousands of 
> annoying ads that make users believe they are infected.

Yes, it reduces, but does not stop the number of calls. More
importantly, because the customer can still access sites such as MS
update, Norton, McAfee, Housecall etc, even while quarantined, those
people who call the helpdesk can get directed to the "how to fix it
page" rapidly, so the calls stay shorter.

Jim Segrave           jes at nl.demon.net

More information about the NANOG mailing list