[63385] in North American Network Operators' Group
Re: ISP network registration virus scan
daemon@ATHENA.MIT.EDU (Sean Donelan)
Fri Oct 3 20:57:59 2003
Date: Fri, 3 Oct 2003 20:57:20 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: Alex Lambert <alambert@quickfire.org>
Cc: nanog@merit.edu
In-Reply-To: <3F7E0BF6.7020004@quickfire.org>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 3 Oct 2003, Alex Lambert wrote:
> > The university netreg lists has a frequently asked question if its
> > possible to perform a virus scan of new computers as part of the network
> > registration process. So far, people have only been able to do a network
> > scan (e.g. open ports), or some version of proxy check or nessus.
>
> The University of Florida has implemented something like this.
> Apparently, they have a client-side app that detects malware...and P2P
> apps. Interesting concept but it's understandably not being received well.
>
> http://yro.slashdot.org/yro/03/10/03/1643202.shtml
That's just a normal network traffic flow monitor, it doesn't actually
check the user's computer.
The issue is how to check the computer is "fixed" after the user claims
its fixed. Or do you just keep repeating the cycle of user claims the
computer is fixed, enable the port, computer attacks other stuff, disable
the port, user claims its fixed, repeat.
