[88858] in North American Network Operators' Group
Re: Quarantine your infected users spreading malware
daemon@ATHENA.MIT.EDU (Jason Frisvold)
Tue Feb 21 10:42:49 2006
Date: Tue, 21 Feb 2006 10:42:20 -0500
From: "Jason Frisvold" <xenophage0@gmail.com>
To: "Bill Nash" <billn@odyssey.billn.net>
Cc: Michael.Dillon@btradianz.com, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.64.0602211010530.10478@odyssey.billn.net>
Errors-To: owner-nanog@merit.edu
On 2/21/06, Bill Nash <billn@odyssey.billn.net> wrote:
> If you're talking about a compulsory software solution, why not, as an
> ISP, go back to authenticated activity? Distribute PPPOE clients mated
> with common anti-spyware/anti-viral tools. Pull down and update signature=
s
> *every time* the user logs in, and again periodically while the user is
> logged in (for those that never log out). Require these safeguards to be
> active before they can pass the smallest traffic.
Cost prohibitive.. In order to do that you'll need licenses from the
AV companies..
> The change in traffic flow would necessitate some architecture kung fu,
> maybe even AOL style, but you'd have the option of selectively picking ou=
t
> reported malicious/infected users (*cough* ThreatNet *cough*) and routing
> them through packet inspection frameworks on a case by case basis. Quite
> possibly, you could even automate that and the users would never be the
> wiser.
And then the privacy zealots would be livid.. Silently re-routing
traffic like that.. How dare you suggest such a ... wait.. hrm..=20
The internet basically does this already.. I wonder if the zealots
are aware of that.. :)
> - billn
--
Jason 'XenoPhage' Frisvold
XenoPhage0@gmail.com
