nanog mailing list archives

and here are some answers [was: Quarantine your infected users spreading malware]

From: Gadi Evron <ge () linuxbox org>
Date: Tue, 21 Feb 2006 02:27:05 +0200


Edward W. Ray wrote:

IMHO, a user should have to demonstrate a minimum amount of expertise and
have a up-to-date AV, anti-spyware and firewall solution for their PCs.


That is why we have hundreds of millions of bots in the wild.

The mostly-user ISP's will have to eventually do something or end upbeing either regulated, spending more and more and more on tech supportand/OR abuse personnel, or written down as blackhat AS's.

Some PRODUCTS, PRO and AGAINST links from people on quarantining ofinfected users, thanks to all those who shared so far!


Products so far (haven't tried or verified them myself):
http://www.rommon.com/sandbox.html
http://www.forescout.com/index.php?url=products&section=counteract

Other:

Eric Gauthier's Ethernet-oriented quarantine system (from NANOG in2003): http://www.nanog.org/mtg-0402/gauthier.html


Other choice papers from Jose's blog:
http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
http://www.csl.sri.com/users/linda/bibs/publications/mmsm2005.pdf
http://www.csl.sri.com/papers/sri-csl-2005-03/
http://www.cs.wfu.edu/~fulp/Papers/iiaw05t.pdf
http://www.icir.org/vern/worm04/porras.pdf
http://www.icir.org/vern/worm04/xiong.pdf
http://www.cs.rpi.edu/research/pdf/05-01.pdf

        Gadi.

Current thread:

Re: Quarantine your infected users spreading malware, (continued)
- - - Re: Quarantine your infected users spreading malware Vicky Røde (Feb 21)
- RE: Quarantine your infected users spreading malware Frank Bulk (Feb 20)
  - Re: Quarantine your infected users spreading malware Gadi Evron (Feb 20)
    - RE: Quarantine your infected users spreading malware Frank Bulk (Feb 20)
- Re: Quarantine your infected users spreading malware eric-list-nanog (Feb 20)
  - Re: Quarantine your infected users spreading malware Gadi Evron (Feb 20)
    - Re: Quarantine your infected users spreading malware James (Feb 21)
- Re: Quarantine your infected users spreading malware Scott Weeks (Feb 20)
  - Re: Quarantine your infected users spreading malware Gadi Evron (Feb 20)
  - RE: Quarantine your infected users spreading malware Edward W. Ray (Feb 20)
    - and here are some answers [was: Quarantine your infected users spreading malware] Gadi Evron (Feb 20)
    - Re: and here are some answers [was: Quarantine your infected users spreading malware] bmanning (Feb 20)
    - Re: and here are some answers [was: Quarantine your infected users spreading malware] Rob Thomas (Feb 20)
    - Re: and here are some answers [was: Quarantine your infected users spreading malware] Christopher L. Morrow (Feb 20)
    - Re: and here are some answers [was: Quarantine your infected users spreading malware] Gadi Evron (Feb 20)
    - Re: and here are some answers [was: Quarantine your infected users spreading malware] Valdis . Kletnieks (Feb 20)
    - Re: and here are some answers [was: Quarantine your infected users spreading malware] Jim Segrave (Feb 21)
    - Re: and here are some answers [was: Quarantine your infected users spreading malware] John Curran (Feb 21)
    - Re: and here are some answers [was: Quarantine your infected users spreading malware] John Curran (Feb 21)
    - Re: and here are some answers [was: Quarantine your infected users spreading malware] Jim Segrave (Feb 21)
    - Re: and here are some answers [was: Quarantine your infected users spreading malware] Sean Donelan (Feb 20)

(Thread continues...)