[61561] in North American Network Operators' Group
Re: Automatic shutdown of infected network connections
daemon@ATHENA.MIT.EDU (Omachonu Ogali)
Fri Aug 29 23:45:51 2003
Date: Fri, 29 Aug 2003 23:44:33 -0400
From: Omachonu Ogali <nanog@missnglnk.com>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.44.0308292137070.8882-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, Aug 29, 2003 at 09:44:11PM -0400, Sean Donelan wrote:
> How many ISPs disconnect infected computers from the network? Do you
> leave them connected because they are paying customers, and how else
> could they download the patch from microsoft?
Let's see...
* I don't know how many, at minimum, those who receive
court subpoenas telling them to.
* Do you leave a user connected if they are in violation
of your AUP and is wreaking havoc on your network and
other networks?
* Perhaps you could send a disk out? Or set them up in a
sandbox-type LAN where they can only visit your internal
disinfection site?
