[nsp] redirecting infected users
Streiner, Justin
streiner at stargate.net
Mon Sep 15 16:14:01 EDT 2003
Has anyone experimented with using something like WCCP to selectively
redirect all outbound HTTP connections from users infected with one of the
recent Windows RPC DCOM worms to a patch site?
I'm trying to find a way to streamline the process of hitting infected
users with the clue-by-four while still allowing them some form of access
solely to download the patches and require manual verification on our part
before the users will be allowed to have normal access again.
The bulk of these are regular ISP customers that don't go through a proxy
server or a transparent cache to surf the web.
If you're doing this or something like it now, I'd be very interested to
hear what you're doing.
jms
More information about the cisco-nsp
mailing list