[61585] in North American Network Operators' Group
Re: Automatic shutdown of infected network connections
daemon@ATHENA.MIT.EDU (Jack Bates)
Sat Aug 30 12:45:23 2003
Date: Sat, 30 Aug 2003 11:43:18 -0500
From: Jack Bates <jbates@brightok.net>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.44.0308292137070.8882-100000@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
Sean Donelan wrote:
>
> How many ISPs disconnect infected computers from the network? Do you
> leave them connected because they are paying customers, and how else
> could they download the patch from microsoft?
We disconnect after contact if they remain infected after 72 hours or
once we determine contact won't be possible.
User's are responsible for their own computers. We understand that many
of them need the service in order to fix their systems. However, a line
has to be drawn at some point. I want the 135 blocks removed, and in
order to do that, the malicious packets must be reduced to a minimum.
-Jack
