North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP network registration virus scan

  • From: Ryan Dobrynski
  • Date: Sat Oct 04 00:07:06 2003

for most virus type stuff i find an acl on thier nearest interface to
both deny and log thier traffic patterns is helpfull. im not sure how
feasable that would be on a larger network. i've only got about 10k
users so the above is not yet unreasonable.



On Fri, 3 Oct 2003, Sean
Donelan wrote:

> Date: Fri, 3 Oct 2003 20:57:20 -0400 (EDT)
> From: Sean Donelan <sean@donelan.com>
> To: Alex Lambert <alambert@quickfire.org>
> Cc: nanog@merit.edu
> Subject: Re: ISP network registration virus scan
>
>
> On Fri, 3 Oct 2003, Alex Lambert wrote:
> > > The university netreg lists has a frequently asked question if its
> > > possible to perform a virus scan of new computers as part of the network
> > > registration process.  So far, people have only been able to do a network
> > > scan (e.g. open ports), or some version of proxy check or nessus.
> >
> > The University of Florida has implemented something like this.
> > Apparently, they have a client-side app that detects malware...and P2P
> > apps. Interesting concept but it's understandably not being received well.
> >
> > http://yro.slashdot.org/yro/03/10/03/1643202.shtml
>
> That's just a normal network traffic flow monitor, it doesn't actually
> check the user's computer.
>
> The issue is how to check the computer is "fixed" after the user claims
> its fixed.  Or do you just keep repeating the cycle of user claims the
> computer is fixed, enable the port, computer attacks other stuff, disable
> the port, user claims its fixed, repeat.
>
>

Ryan Dobrynski
Hat-Swapping Gnome
Choice Communications


Like the ski resort of girls looking for husbands and husbands looking
for girls, the situation is not as symmetrical as it might seem.