Home page logo
/

nanog logo nanog mailing list archives

Re: Quarantine your infected users spreading malware
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 21 Feb 2006 00:57:15 +0200


Scott Weeks wrote:
----- Original Message Follows -----
From: Gadi Evron <ge () linuxbox org>

Many ISP's who do care about issues such as worms,
infected users  "spreading the love", etc. simply do not
have the man-power to handle  all their infected users'
population.


Some who are user/broadband ISP's (not say, tier-1 and
tier-2's who  would be against it: "don't be the
Internet's Firewall") are blocking  ports such as 139 and
445 for a long time now, successfully preventing  many of
their users from becoming infected. This is also an
excellent  first step for responding to relevant outbreaks
and halting their progress.

Philosophy aside, it works. It stops infections. Period.

Back to the philosophy, there are some other solutions as
well. Plus,  should this even be done?




Oh geez, here we go again...  Search the archives and read
until you're content.  It's a non-thread.  This horse isn't
only dead, it's not even a grease spot on the road any more.
 :-(

I quite agree, which is why I trived to cover the philosophical part from both sides. Now, how about some solutions that came about since our last discussion that was nothing BUT philosophy?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault