nanog mailing list archives
Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)
From: Jeroen Massar <jeroen () unfix org>
Date: Mon, 18 Jun 2007 12:41:41 +0100
Suresh Ramasubramanian wrote:
> On 6/17/07, Jeroen Massar <jeroen () unfix org> wrote:
>> IMHO ISPs should per default simply feed port 25 outbound through their own SMTP relays. BUT always have a very easy way (eg a Control Panel behind a user/pass on a website) to disable this kind of filtering. This
>
> Y'know, port 25 is just the tip of the iceberg when it comes to what all an infected host can do ..

Of course, though 25 is (afaik ;) the most abused one that will annoy a lot of other folks with spam, phishings and virus distribution, though the latter seems to have come to a near halt from what I see.

> which is why quite a lot of ISPs (Bell Canada is particularly good at it, as are some others) are getting good at deploying "Walled Gardens" - vlan the infected host into its own little sandbox from where it can access only windows update, AV update sites and the ISP's support pages, nothing else, on any port. The user has to fix (disinfect, reimage, whatever) his host before he contacts the ISP support desk and gets let back onto their network.

That is IMHO really the only way to go. People who get hit by that once, or maybe even twice will make sure it doesn't happen the third time. Support costs will effectively sink because of such a system as it will avoid those hosts from infecting other hosts, to be part of bot nets, spam attacks etc etc etc. (Especially for managers: Lower your TCO! Drive Business! $buzzword!)

I tip my hat to the Bell Canada folks for having such a system!

Greets,
 Jeroen