Full Disclosure mailing list archives
Re: what can be done with botnet C&C's? (fwd)
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Mon, 14 Aug 2006 14:27:14 -0400
On 8/14/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
> On Sun, 13 Aug 2006 08:32:16 EDT, Dude VanWinkle said:
> > When I worked at a university, the students were always getting
> > compromised till we implemented sandboxing. People DHCP'ing into the
> > network were placed in a subnet by themselves till a scan revealed
> > that they had:
> > 1: up to date AV
> > 2: up to date patches
> > 3: a functioning firewall
>
> OK, I'll bite - if you detect a functioning firewall, how do you scan for up to date patches and A/V? Seems like you'd have to have at least a stub client on the machine to answer the "What patchlevel you at?" query.
We had Proventia with an allowed IP address do the scanning. The Proventia was pre-configured from when they downloaded the FW. Maybe Comcast or some such could do the same thing, pre-configure the free firewalls they all seem to be giving away, but I doubt it.
> (And this is the sort of thing that is easy to force install in a corporate environment where you own the machine. It's also easy to do if you're a regular ISP, and you can get away with saying "If you don't like it, go to another ISP". It's a can of worms when you don't own the machine, and you're a de facto monopoly because the student lives in the dorms - a Hobson's choice "install this or don't get net access" doesn't make you many friends...)
Yeah, that's why I said "This worked really well for stopping infections, but it's not something an ISP could do" ;-) I feel you on the student tuition paid bandwidth issue, but I will let you in on a secret: If they sign something saying "I do" you can impose any measures you want :-) The students were actually happy to sign on, as it helped protect their data as well. Most of them were fed up with spyware and the like to the point that they were desperate for help.

-JP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
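As an added illustration, not code from this thread or from the Proventia product the poster mentions, here is a small Python model of the quarantine flow described above: a newly DHCP'd host stays in an isolated VLAN until a posture scan shows current AV definitions, no missing critical patches and an enabled host firewall. It also models the point Valdis raised: a working host firewall blocks the scan unless the scanner's address is allowlisted, and an unscannable host fails closed into quarantine. The hostnames, addresses, VLAN names, thresholds and posture reports are all constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed policy values (hypothetical; not the university's real configuration).
QUARANTINE_VLAN = "vlan-quarantine"
PRODUCTION_VLAN = "vlan-students"
MAX_AV_AGE_DAYS = 7                  # AV definitions older than this count as stale
SCANNER_IP = ip_address("10.0.0.5")  # constructed address of the allowlisted posture scanner
TODAY = date(2006, 8, 14)            # fixed "now" so the example is deterministic


@dataclass
class Posture:
    """What a posture scan reports about one host (constructed shape)."""
    host: str
    av_definitions_date: Optional[date]      # None means no antivirus found at all
    missing_critical_patches: int
    firewall_enabled: bool
    firewall_allowlist: List[str] = field(default_factory=list)  # CIDRs the host firewall admits


def scanner_can_reach(p: Posture, scanner_ip=SCANNER_IP) -> bool:
    """A functioning host firewall blocks the scan unless the scanner is allowlisted."""
    if not p.firewall_enabled:
        return True
    return any(scanner_ip in ip_network(cidr) for cidr in p.firewall_allowlist)


def evaluate(p: Posture, today: date = TODAY, scanner_ip=SCANNER_IP) -> Tuple[str, List[str]]:
    """Return (vlan, reasons). Any failed check, or an unscannable host, means quarantine."""
    if not scanner_can_reach(p, scanner_ip):
        # Fail closed: we cannot prove the host is clean, so it does not leave quarantine.
        return QUARANTINE_VLAN, ["posture scan blocked by host firewall; scanner not allowlisted"]

    reasons: List[str] = []
    if p.av_definitions_date is None:
        reasons.append("no antivirus detected")
    else:
        age = (today - p.av_definitions_date).days
        if age > MAX_AV_AGE_DAYS:
            reasons.append(f"AV definitions {age} days old (limit {MAX_AV_AGE_DAYS})")
    if p.missing_critical_patches > 0:
        reasons.append(f"{p.missing_critical_patches} critical patch(es) missing")
    if not p.firewall_enabled:
        reasons.append("host firewall disabled")

    return (QUARANTINE_VLAN if reasons else PRODUCTION_VLAN), reasons


# Constructed posture reports for four hypothetical dorm hosts.
HOSTS = [
    Posture("lab-a", date(2006, 8, 12), 0, True, ["10.0.0.5/32"]),   # compliant, scanner allowlisted
    Posture("lab-b", date(2006, 7, 1), 3, False),                    # stale AV, unpatched, no firewall
    Posture("lab-c", date(2006, 8, 13), 0, True),                    # firewall on, scanner NOT allowlisted
    Posture("lab-d", None, 0, True, ["10.0.0.0/24"]),                # reachable, but no AV at all
]


def run_demo(hosts: List[Posture] = HOSTS) -> Dict[str, Tuple[str, List[str]]]:
    """Evaluate every host and return its VLAN assignment with the reasons."""
    return {p.host: evaluate(p) for p in hosts}


if __name__ == "__main__":
    for host, (vlan, reasons) in run_demo().items():
        print(f"{host}: {vlan}" + (f"  ({'; '.join(reasons)})" if reasons else ""))
```

The allowlist check is the crux of the thread: only `lab-a` and `lab-d` admit the scanner, so `lab-c`, which is arguably in good shape, still cannot be verified and stays quarantined. In a real deployment the pre-configured firewall the poster describes is what puts the scanner's address into that allowlist.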