North American Network Operators Group

Re: Quarantine your infected users spreading malware
Bill Nash wrote:
>
> On Tue, 21 Feb 2006, [email protected] wrote:
>
>>Why not just bypass them and go direct to the unwashed
>>masses of end users? Offer them a free windows
>>infection blocker program that imposes the quarantine
>>itself locally on the user's machine. This program
>
> Offering them free software won't work to the levels you want. At first,
> you'll get a response, because consumers always jump at free shiny things,
> until something happens that makes them not like it anymore, and then
> they'll dig in and never use it again. If you want to get this kind of
> filtering into your core, you have a need to get this to a compulsory
> level for access.
>
> I don't think there's any disagreement as to the roots of this problem:
> - Modern users are generally clueless.
> - Most don't have firewalls or even the most basic of protections.
> - Getting tools deployed where they need to be most is the hardest.
>
> With that said..
>
> If you're talking about a compulsory software solution, why not, as an
> ISP, go back to authenticated activity? Distribute PPPOE clients mated
> with common anti-spyware/anti-viral tools. Pull down and update signatures
> *every time* the user logs in, and again periodically while the user is
> logged in (for those that never log out). Require these safeguards to be
> active before they can pass the smallest traffic.
>
> The change in traffic flow would necessitate some architecture kung fu,
> maybe even AOL style, but you'd have the option of selectively picking out
> reported malicious/infected users (*cough* ThreatNet *cough*) and routing
> them through packet inspection frameworks on a case by case basis. Quite
> possibly, you could even automate that and the users would never be the
> wiser.

-----------------

From my past discussion at NANOG sessions, it appears this sink-hole like process has been extremely helpful for AOL. Maybe Vijay from AOL could chime in and enlighten us or folks could look at the archives.

regards,
/virendra

>
> - billn
>