North American Network Operators Group
Re: Quarantine your infected users spreading malware
David Nolan wrote: <snip>
Yeah, but it's not near as fun as dynamic ACLs updated via a script monitoring flow logs in real time. It's definitely easier to implement, though.
For people utilizing RBE/DHCP combo on Cisco routers, it is also possible to just remove the /32 route that was dynamically created which will kill traffic until the customer requests DHCP again, which will by that time place them in the quarantine. One advantage to temp route removal is that it requires no cleanup. Just make sure you don't wipe out your permanent static routes.
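
Added example, not part of the original post: a sketch of the kind of script the message alludes to, which watches flow records for a source fanning out to many destinations and emits quarantine ACL entries. The flow tuple layout, watched ports, window, threshold, ACL name and the protected-prefix list (borrowing the post's caution about permanent entries) are all assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict, deque

WATCHED_PORTS = {25, 135, 445}  # assumed ports worth watching for spam/worm fan-out
WINDOW = 60                     # seconds of history kept per source (assumed)
THRESHOLD = 20                  # distinct destinations within WINDOW that trips quarantine

def find_scanners(flows, window=WINDOW, threshold=THRESHOLD):
    """flows: time-ordered (ts, src, dst, dport) tuples (hypothetical export format).
    Returns sources exceeding `threshold` distinct destinations inside the window."""
    recent = defaultdict(deque)  # src -> deque of (ts, dst) still inside the window
    flagged = set()
    for ts, src, dst, dport in flows:
        if dport not in WATCHED_PORTS:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and q[0][0] <= ts - window:  # expire flows older than the window
            q.popleft()
        if len({d for _, d in q}) > threshold:
            flagged.add(src)
    return flagged

def quarantine_acl(flagged, protected, name="QUARANTINE"):
    """Build IOS-style extended ACL lines, never denying hosts inside `protected`
    prefixes (mail relays, permanently provisioned customers, infrastructure)."""
    nets = [ipaddress.ip_network(p) for p in protected]
    lines = [f"ip access-list extended {name}"]
    for src in sorted(flagged, key=ipaddress.ip_address):
        if any(ipaddress.ip_address(src) in n for n in nets):
            continue  # flagged by volume, but must not be cut off automatically
        lines.append(f" deny ip host {src} any")
    lines.append(" permit ip any any")
    return lines

def sample_flows():
    """Constructed data: one scanning host, one busy mail relay, one normal host."""
    flows = [(t, "192.0.2.10", f"198.51.100.{t}", 445) for t in range(1, 31)]
    flows += [(t, "192.0.2.25", f"203.0.113.{t}", 25) for t in range(1, 31)]
    flows += [(5, "192.0.2.20", "198.51.100.7", 80), (9, "192.0.2.20", "198.51.100.8", 25)]
    return sorted(flows)

if __name__ == "__main__":
    hits = find_scanners(sample_flows())
    print("\n".join(quarantine_acl(hits, protected=["192.0.2.25/32"])))
```

The mail relay trips the same threshold as the scanning host, which is why the protected list is checked before any deny line is written.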