[89084] in North American Network Operators' Group
Re: Quarantine your infected users spreading malware
daemon@ATHENA.MIT.EDU (Robert E.Seastrom)
Thu Mar 2 08:01:13 2006
To: Jim Segrave <jes@nl.demon.net>
Cc: "Christopher L. Morrow" <christopher.morrow@verizonbusiness.com>,
Bill Nash <billn@odyssey.billn.net>, nanog@merit.edu
From: Robert E.Seastrom <rs@seastrom.com>
Date: Thu, 02 Mar 2006 07:57:14 -0500
In-Reply-To: <20060302110044.GG50858@nl.demon.net> (Jim Segrave's message of
"Thu, 2 Mar 2006 12:00:44 +0100")
Errors-To: owner-nanog@merit.edu
Jim Segrave <jes@nl.demon.net> writes:
>> On Tue, 28 Feb 2006, Bill Nash wrote:
>>
>> > The simplest method is to issue a different gateway to a registry of known
>> > offenders, forcing their into a restrictive environment that blocks all
>> > ports, and uses network translation tricks to redirect all web traffic to
>> > a portal.
>
> You did think of contacting them and asking? You know, e-mail, fax,
> telephone, that sort of thing?
Yes, we did think of that sort of thing. Those of us with even the
slightest notion of business and profitability constraints promptly
discarded the idea of getting a human into the loop. Ideally you just
automatically add them to the broken stuff database, notify/incent
them to fix things (by adding them to the quarantine group), and have
them take care of themselves by following the directions found
therein, and NOT involving your call center.
---Rob
