[89078] in North American Network Operators' Group


Re: Quarantine your infected users spreading malware

daemon@ATHENA.MIT.EDU (Jim Segrave)
Thu Mar 2 06:08:00 2006

Date: Thu, 2 Mar 2006 12:02:37 +0100
From: Jim Segrave <jes@nl.demon.net>
To: "Christopher L. Morrow" <christopher.morrow@verizonbusiness.com>
Cc: JP Velders <jpv@veldersjes.net>, nanog@merit.edu
Reply-To: jes@nl.demon.net
Mail-Followup-To: Jim Segrave <jes@nl.demon.net>,
	"Christopher L. Morrow" <christopher.morrow@verizonbusiness.com>,
	JP Velders <jpv@veldersjes.net>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0603011628531.9741@marvin.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu


On Wed 01 Mar 2006 (16:33 +0000), Christopher L. Morrow wrote:
> 
> 
> On Wed, 1 Mar 2006, JP Velders wrote:
> 
> >
> > > Date: Tue, 28 Feb 2006 18:50:29 +0000 (GMT)
> > > From: Christopher L. Morrow <christopher.morrow@verizonbusiness.com>
> > > To: nanog@merit.edu
> > > Subject: Re: Quarantine your infected users spreading malware
> >
> > > On Tue, 28 Feb 2006, Jim Segrave wrote:
> >
> > > > www.quarantainenet.nl
> >
> > > > It puts them in a protected environment where they can get cleaned up
> > > > on-line without serious risk of re-infection. They can pop their
> > > > e-mail, reply via webmail, but they can't connect to anywhere except a
> > > > list of update sites.
> >
> > > there was little in the way of 'how' in the link above though :(
> >
> > Well, it's very much dependent on your own network.
> > From what I know (from presentations of the folk behind Qnet, and
> > talks with people actually using it) is that they have a sort of
> > "export" module, which allows you to either output the IPs, or parse
> > them such that you get a crafted DHCP entry, or special MAC address
> > based "alternate VLAN" statement for on a switch etc.
> 
> which is fabulous for those of you with ethernet... without ethernet most
> of these solutions fall on their faces and die the horrid death of an
> enterprise product :( Now, they say: "Works great on carrier networks"...
> my question was "how" and "perhaps with a little less hand-waviness
> please?"

You could have answered your own questions, for your own network, in
the same amount of time as writing these postings to nanog, by asking
the company.

-- 
Jim Segrave           jes@nl.demon.net
