[65507] in North American Network Operators' Group
Re: Have worm? University upgrades network
daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Dec 1 03:11:37 2003
Date: Mon, 1 Dec 2003 03:11:00 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: warner@cats.ucsc.edu
Cc: nanog@merit.edu
In-Reply-To: <200311302344.PAA25639@meow.UCSC.EDU>
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, 30 Nov 2003 warner@cats.ucsc.edu wrote:
> What we (UC Santa Cruz) share with LB is the vendor that will be
> adding scanning to their net-auth box: Perfigo. We have heard of
> the LB plans indirectly through the vendor, but in the context of
> the article, it all fits.
Do people find "self-certification" by end-users actually fixes anything?
Or do users keep on clicking on the "Yes, I'm Clean" button?
In the meantime, you still have to carry the traffic from the infected
computer if only on your quarantine "network." Usually the quarantine LAN
is some type of virtual network, so the underlying bandwidth is still
consumed by the traffic. Its amazing what happens to a registration
server when an infected computer tries to register tens of thousands of
times a minute. Redirecting the user traffic to a quarantine server,
results in that server getting whalloped.
