North American Network Operators Group

Re: Quarantine your infected users spreading malware

  • From: Jason Frisvold
  • Date: Tue Feb 21 10:43:28 2006

On 2/21/06, Bill Nash <[email protected]> wrote:
> If you're talking about a compulsory software solution, why not, as an
> ISP, go back to authenticated activity? Distribute PPPOE clients mated
> with common anti-spyware/anti-viral tools. Pull down and update signatures
> *every time* the user logs in, and again periodically while the user is
> logged in (for those that never log out). Require these safeguards to be
> active before they can pass the smallest traffic.

Cost prohibitive..  In order to do that you'll need licenses from the
AV companies..

> The change in traffic flow would necessitate some architecture kung fu,
> maybe even AOL style, but you'd have the option of selectively picking out
> reported malicious/infected users (*cough* ThreatNet *cough*) and routing
> them through packet inspection frameworks on a case by case basis. Quite
> possibly, you could even automate that and the users would never be the
> wiser.

And then the privacy zealots would be livid..  Silently re-routing
traffic like that..  How dare you suggest such a ... wait..  hrm.. 
The internet basically does this already..  I wonder if the zealots
are aware of that..  :)

> - billn

Jason 'XenoPhage' Frisvold
[email protected]