hackerwacker@cybermesa.com:

> The solution I am working toward is quickly identifying user infections. We are almost there. I collect and record all traffic

Umm ... you mean you wire-tap all "my" email messages? (Anyone still wonders why I don't trust my ISP?) I wonder if my Telco listens in on all my telephone conversations too? And the post office! My letters? (Oops, sorry, shouldn't make analogies. ;-)

> from the users going to dark space

Umm ... please define "dark space".

> and am almost finished with the system that will identify who held that IP at a specific time. It is all in SQL so that is easy.

Mmm. User privacy in its glory?

niceman@att.net:

> Our system is similar, except we block port 25 completely via RADIUS after we detect an outgoing virus or spam,

Detect how?

> then notify the customer. This eliminates the ACLs on the border routers. The user can still surf freely to download patches while not causing further damage. Some users just don't want to be bothered and just use webmail to send E-mail and keep the block forever.

This latter part is OK. It opens up a way out for those who want to, and a different service for those who don't.

Cheers,
/Liman