On Thu, 6 Sep 2001, Stanley G. Bubrouski wrote: > On Thu, 6 Sep 2001, Emre Yildirim wrote: > > It may sound unreasonable but using access-lists on routers on routers is > great way for companies and providers to stop the spread of Code Red. By > blockign all traffic from a person's machine they are then forced to call > their provider's tech support to report they lost their connection. The > provider then can inform the customer they are infected, explain to them > they must patch their system, remove them from the ACLs, wait 24 hours and > if they show signs they are patched then do not reapply the ACL. Anotehr > way is to turn on router and firewall logging and use ACLs to log http > traffic and filter out Code Red infected users and call them and e-mail > them the patches. This doesn't block the user from accessing the network > like the first method does, but it also doesn't prevent the infected user > from infecting more people on the net and congesting the network. > here here! now, to put some teeth into the process so it really works, and some @home or other ISP is not "reluctant" to turn off access until the offender is fixed. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 23:04:57 PDT