Re: [Re: Have worm? University upgrades network]
Sean Donelan <sean@donelan.com> wrote:
Do people find "self-certification" by end-users actually fixes anything?
depends on how badly they want to get back on that interweb-thing...and how clueful they are (or can be made to be). if the penalties for not being clean are steep enough (no interweb privileges for a semester), then i think they will do it right.
Or do users keep on clicking on the "Yes, I'm Clean" button?
In the meantime, you still have to carry the traffic from the infected computer if only on your quarantine "network." Usually the quarantine LAN is some type of virtual network, so the underlying bandwidth is still consumed by the traffic. It's amazing what happens to a registration server when an infected computer tries to register tens of thousands of times a minute. Redirecting the user traffic to a quarantine server results in that server getting walloped.
i would hope that you are filtering and rate-limiting upstream traffic, and that you have built the server with sufficient horsepower and self-preservation hooks that it would survive. ftp or http don't require too much upstream, and you probably don't need to allow much else from the users computers
/joshua
"Walk with me through the Universe, And along the way see how all of us are Connected. Feast the eyes of your Soul, On the Love that abounds. In all places at once, seemingly endless, Like your own existence." - Stephen Hawking -
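One way to build the per-source rate limiting and "self-preservation hook" joshua describes into a quarantine registration server, as an added illustration that is not code from any list participant: attempts are counted per source inside a sliding window, a host that exceeds a small limit is cheaply refused, and a host that reaches a worm-scale count is flagged so its address can be handed to an upstream ACL rather than kept on the server's plate. The window, thresholds and the sample registration attempts are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed thresholds (assumptions, not from the thread): a clean client needs
# a few attempts; a worm-driven host produces thousands per minute.
WINDOW_SECONDS = 60
PER_SOURCE_LIMIT = 10      # attempts per window before the server stops answering
INFECTED_THRESHOLD = 200   # attempts per window that mark a host for upstream filtering


class RegistrationGuard:
    """Per-source sliding-window limiter for a quarantine registration server."""

    def __init__(self, window=WINDOW_SECONDS, limit=PER_SOURCE_LIMIT,
                 infected=INFECTED_THRESHOLD):
        self.window, self.limit, self.infected = window, limit, infected
        self.attempts = defaultdict(deque)   # src -> timestamps inside the window
        self.flagged = set()                 # sources handed to the upstream filter

    def handle(self, src, now):
        """Return 'accept', 'throttle' or 'flag' for one attempt at time `now`."""
        if src in self.flagged:
            return "flag"                    # already cut off; do no work for it
        q = self.attempts[src]
        while q and now - q[0] >= self.window:
            q.popleft()                      # drop attempts older than the window
        q.append(now)
        if len(q) >= self.infected:
            # Self-preservation hook: stop serving this host and export its address
            # for an ACL on the switch/AP, so the flood never reaches the server.
            self.flagged.add(src)
            q.clear()
            return "flag"
        if len(q) > self.limit:
            return "throttle"                # cheap reject, no registration work
        return "accept"


def replay(guard, events):
    """Feed (timestamp, src) pairs in order; return decision counts per source."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, src in events:
        counts[src][guard.handle(src, ts)] += 1
    return {src: dict(c) for src, c in counts.items()}


# Constructed sample: a student registering twice, and an infected host
# hitting the registration page 500 times within one minute.
SAMPLE_EVENTS = [(0.0, "10.9.0.5"), (5.0, "10.9.0.5")] + \
                [(i * 0.1, "10.9.0.77") for i in range(500)]
```

As Sean notes below, the bandwidth on the quarantine VLAN is still consumed while the server is refusing; the flagged set only helps if something upstream (AP or switch ACL) actually consumes it.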
On Mon, 1 Dec 2003, joshua sahala wrote:
Do people find "self-certification" by end-users actually fixes anything?
depends on how badly they want to get back on that interweb-thing...and how clueful they are (or can be made to be). if the penalties for not being clean are steep enough (no interweb privileges for a semester), then i think they will do it right.
Ah, you mean the same policies they previously agreed to follow worked so well to keep their computers up-to-date and virus-free will work in this case too? If the policies were working, why install new systems?
In order to fix something, you first have to understand what is broken.
i would hope that you are filtering and rate-limiting upstream traffic, and that you have built the server with sufficient horsepower and self-preservation hooks that it would survive. ftp or http don't require too much upstream, and you probably don't need to allow much else from the users computers
Dynamic application of queue policies on every port on your network? A single infected computer can wipe out a WiFi area, even if you have an upstream filter on the access point. Unless there is a way for the network to push the filter onto the computer's NIC, the network has to sustain the load from the worm even if it drops the packets.
With 802.1x (or PPP or however you authenticate), it would be nice if the network could securely negotiate filters for the NIC side of the connection.
would be nice if microsoft had some sort of "launcher" like you see on all the good mmorpg's. pop open the launcher and it checks for updates and antivirus BEFORE it lets you out of jail to the rest of the world. prolly make em a few $$ in deals with an antivirus company. i think it'd be the one money grubbing feature of windows that i would actually like.. course the patch server goes down and you just hosed everyone off the internet... wait a sec... *grins*
On Mon, 1 Dec 2003, Sean Donelan wrote:
Date: Mon, 1 Dec 2003 09:49:34 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: joshua sahala <joshua.ej.smith@usa.net>
Cc: nanog@merit.edu
Subject: Re: [Re: Have worm? University upgrades network]
Ryan Dobrynski
Hat-Swapping Gnome
Choice Communications
Like the ski resort of girls looking for husbands and husbands looking for girls, the situation is not as symmetrical as it might seem.
On Mon, 1 Dec 2003, Ryan Dobrynski wrote:
would be nice if microsoft had some sort of "launcher" like you see on all the good mmorpg's. pop open the launcher and it checks for updates and antivirus BEFORE it lets you out of jail to the rest of the world.
Heck, I'm just asking for simple stuff like Microsoft supporting the rest of the PPP protocol, and displaying the Reply-Message sent by the network to the computer's user instead of throwing it away. That way you could tell the user why the network is rejecting the access, instead of the generic Microsoft error message. Instead of using the features built into the protocol, because Windows doesn't support the PPP messages, everyone else has to come up with other ways to inform users what's wrong.