nanog mailing list archives
Re: The worst abuse e-mail ever, sverige.net
From: Jeff Wheeler <jwheeler () usip org>
Date: Tue, 21 Sep 2004 20:01:55 -0400
I'll admit to not knowing too much about this project, but what you are describing sounds similar in part to the Network Admission Control that Cisco is pushing - an automated way of ensuring user machines are protected before being admitted on to the network.
Here is a link to their site on the subject:http://www.cisco.com/en/US/netsol/ns466/ networking_solutions_white_paper0900aecd800fdd66.shtml
- Jeff On Sep 21, 2004, at 6:00 PM, james edwards wrote:
The port 25 blocking seemed like a real good idea. -MI disagree. Port blocking does not change user behavior & it is user behavior that is causing this problem.Blocking just hides it. I used to believe in port blocking as the solutionto many user problems but now I have 3 and 4 page ACL'son my border routers. This does not scale. Yes, I could push this out viaradius to the NAS but again this does not solve the problem.I feel blocking just pushes us closer to ports loosing their uniqueness, aswe have seen with PTP filesharing.The solution I am working toward is quickly identifying user infections. Weare almost there. I collect and recordall traffic from the users going to dark space and am almost finished withthe system that will identify who held thatIP at a specific time. It is all in SQL so that is easy. We already have asystem in place where users, after multiple virus problems,must obtain protection software prior to being re-enabled. Ramping up theamount of proof we have at hand will allow us to enforce our existing AUP.The key to changing a behavior is to create consequences to this behavior. Ihave noticed we never have problems getting a user to get virus/firewall software after they pay to have their box disinfected. Hit the users first with e-mails, then phone contact,ending with being shut off should create the consequences needed to changetheir behavior. james
Current thread:
- Re: FW: The worst abuse e-mail ever, sverige.net, (continued)
- Re: FW: The worst abuse e-mail ever, sverige.net Randy Bush (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net John Curran (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Randy Bush (Sep 22)
- Re: The worst abuse e-mail ever, sverige.net Patrick W Gilmore (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Robert E . Seastrom (Sep 22)
- Re: FW: The worst abuse e-mail ever, sverige.net Lars-Johan Liman (Sep 23)
- Re: FW: The worst abuse e-mail ever, sverige.net Paul Wouters (Sep 22)
- Questinair about email policy records to indicate proper source of email (RE: FW: The worst abuse e-mail ever, sverige.net) william(at)elan.net (Sep 22)
- Re: Questinair about email policy records to indicate proper source of email (RE: FW: The worst abuse e-mail ever, sverige.net) Ricardo "Rick" Gonzalez (Sep 22)
- Re: The worst abuse e-mail ever, sverige.net Jeff Wheeler (Sep 21)
- Re: The worst abuse e-mail ever, sverige.net Lars-Johan Liman (Sep 23)
- Re: The worst abuse e-mail ever, sverige.net Mike Nice (Sep 23)
- Re: The worst abuse e-mail ever, sverige.net james edwards (Sep 23)
- Re: FW: The worst abuse e-mail ever, sverige.net Lars-Johan Liman (Sep 23)