Re: ISP network registration virus scan

[Ryan Dobrynski <ryan () viaccess net>]

for most virus type stuff i find an acl on thier nearest interface to
both deny and log thier traffic patterns is helpfull. im not sure how
feasable that would be on a larger network. i've only got about 10k
users so the above is not yet unreasonable.



On Fri, 3 Oct 2003, Sean
Donelan wrote:

> Date: Fri, 3 Oct 2003 20:57:20 -0400 (EDT)
> From: Sean Donelan <sean () donelan com>
> To: Alex Lambert <alambert () quickfire org>
> Cc: nanog () merit edu
> Subject: Re: ISP network registration virus scan
>
>
> On Fri, 3 Oct 2003, Alex Lambert wrote:
> > > The university netreg lists has a frequently asked question if its
> > > possible to perform a virus scan of new computers as part of the network
> > > registration process.  So far, people have only been able to do a network
> > > scan (e.g. open ports), or some version of proxy check or nessus.
> >
> > The University of Florida has implemented something like this.
> > Apparently, they have a client-side app that detects malware...and P2P
> > apps. Interesting concept but it's understandably not being received well.
> >
> > http://yro.slashdot.org/yro/03/10/03/1643202.shtml
>
> That's just a normal network traffic flow monitor, it doesn't actually
> check the user's computer.
>
> The issue is how to check the computer is "fixed" after the user claims
> its fixed.  Or do you just keep repeating the cycle of user claims the
> computer is fixed, enable the port, computer attacks other stuff, disable
> the port, user claims its fixed, repeat.

Ryan Dobrynski
Hat-Swapping Gnome
Choice Communications


Like the ski resort of girls looking for husbands and husbands looking
for girls, the situation is not as symmetrical as it might seem.