North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: ISP network registration virus scan
for most virus type stuff i find an acl on thier nearest interface to both deny and log thier traffic patterns is helpfull. im not sure how feasable that would be on a larger network. i've only got about 10k users so the above is not yet unreasonable. On Fri, 3 Oct 2003, Sean Donelan wrote: > Date: Fri, 3 Oct 2003 20:57:20 -0400 (EDT) > From: Sean Donelan <firstname.lastname@example.org> > To: Alex Lambert <email@example.com> > Cc: firstname.lastname@example.org > Subject: Re: ISP network registration virus scan > > > On Fri, 3 Oct 2003, Alex Lambert wrote: > > > The university netreg lists has a frequently asked question if its > > > possible to perform a virus scan of new computers as part of the network > > > registration process. So far, people have only been able to do a network > > > scan (e.g. open ports), or some version of proxy check or nessus. > > > > The University of Florida has implemented something like this. > > Apparently, they have a client-side app that detects malware...and P2P > > apps. Interesting concept but it's understandably not being received well. > > > > http://yro.slashdot.org/yro/03/10/03/1643202.shtml > > That's just a normal network traffic flow monitor, it doesn't actually > check the user's computer. > > The issue is how to check the computer is "fixed" after the user claims > its fixed. Or do you just keep repeating the cycle of user claims the > computer is fixed, enable the port, computer attacks other stuff, disable > the port, user claims its fixed, repeat. > > Ryan Dobrynski Hat-Swapping Gnome Choice Communications Like the ski resort of girls looking for husbands and husbands looking for girls, the situation is not as symmetrical as it might seem.