On Sat, 02 Nov 2019 14:49:58 -0400, Christopher Morrow said:
I think the disconnect idea is actually a good one... I don't know that I want to DO IT, but :) it certainly seems like a reasonable disaster recovery planning exercise :) (likely doing it is the only way to really suss out the problems though)
Some of us remember disconnecting the uplink when the Morris Worm first started wandering around, and then wondering how we were going to get news of the details so we could patch our boxen so it would be safe to reconnect the cable to the router.... As more systems moved to secure update distribution schemes with only allowing vendor-signed patches from https:// secured trusted sites, we may find ourselves in a similar "don't dare be only, but have to be to fix the problem" mess if a worm gets loose... (Yes, you can probably ACL the router. Not the sort of thing you want to be doing at oh-dark-thirty if you don't know what ACL is safe to use and you are cut off from a lot of info sources...)