On Mon, 2007-01-22 at 08:17 +1300, Russell Fulton wrote:
we use packetfence (which hooks up to snort) to automatically quarantine
suspected infected machine on our residence network. Students have to
call the help desk and I am almost never involved.
Do they get a "first strike, fix it yourself" ? or just tagged, bagged
and forced to hit the helpdesk on first incident?