Home page logo

nanog logo nanog mailing list archives

Re: Quarantine your infected users spreading malware
From: "Scott Weeks" <surfer () mauigateway com>
Date: Mon, 20 Feb 2006 12:17:44 -1000

----- Original Message Follows -----
From: Gadi Evron <ge () linuxbox org>

Many ISP's who do care about issues such as worms,
infected users  "spreading the love", etc. simply do not
have the man-power to handle  all their infected users'

Some who are user/broadband ISP's (not say, tier-1 and
tier-2's who  would be against it: "don't be the
Internet's Firewall") are blocking  ports such as 139 and
445 for a long time now, successfully preventing  many of
their users from becoming infected. This is also an
excellent  first step for responding to relevant outbreaks
and halting their progress.

Philosophy aside, it works. It stops infections. Period.

Back to the philosophy, there are some other solutions as
well. Plus,  should this even be done?

Oh geez, here we go again...  Search the archives and read
until you're content.  It's a non-thread.  This horse isn't
only dead, it's not even a grease spot on the road any more.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]