North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [Re: Have worm? University upgrades network]

  • From: Ryan Dobrynski
  • Date: Mon Dec 01 10:35:45 2003

would be nice if microsoft had some sort of "launcher" like you see on
all the good mmorpg's. pop open the launcher and it checks for updates
and antivirus BEFORE it lets you out of jail to the rest of the world.

prolly make em a few $$ in deals with an antivirus company. i think it'd
be the one money grubbing feature of windows that i would actually like..
course the patch server goes down and you just hosed everyone off the
internet... wait a sec... *grins*

Mon, 1 Dec 2003, Sean Donelan wrote:

> Date: Mon, 1 Dec 2003 09:49:34 -0500 (EST)
> From: Sean Donelan <[email protected]>
> To: joshua sahala <[email protected]>
> Cc: [email protected]
> Subject: Re: [Re: Have worm? University upgrades network]
> On Mon, 1 Dec 2003, joshua sahala wrote:
> > > Do people find "self-certification" by end-users actually fixes
> > > anything?
> >
> > depends on how badly they want to get back on that interweb-thing...and
> > how clueful they are (or can be made to be).  if the penalties for not
> > being clean are steep enough (no interweb privileges for a semester),
> > then i think they will do it right.
> Ah, you mean the same policies they previously agreed to follow worked so
> well to keep their computers up-to-date and virus-free will work in this
> case too?  If the policies were working, why install new systems?
> In order to fix something, you first have to understand what is broken.
> > i would hope that you are filtering and rate-limiting upstream traffic,
> > and that you have built the server with sufficient horsepower and
> > self-preservation hooks that it would survive.  ftp or http don't require
> > too much upstream, and you probably don't need to allow much else from
> > the users computers
> Dynamic application of queue policies on every port on your network?  A
> single infected computer can wipe out an WiFi area, even if you have an
> upstream filter on the access point.  Unless there is a way for the
> network to push the filter onto the computer's NIC, the network has to
> sustain the load from the worm even if it drops the packets.
> With 802.1x (or PPP or however you authenticate), it would be nice if the
> network could securely negotiate filters for the NIC side of the
> connection.

Ryan Dobrynski
Hat-Swapping Gnome
Choice Communications

Like the ski resort of girls looking for husbands and husbands looking
for girls, the situation is not as symmetrical as it might seem.