[c-nsp] Product suggestions for internal worm/virus/compromise mitigation

Chris Cappuccio chris at nmedia.net
Tue Jun 14 16:00:11 EDT 2005


I have several customers who have open customer access (such as hotels, 
campgrounds, coffee shops, etc..) who often have customers coming and going
(staying a week or less generally).  Many people who come in want public
IPs because they can't do NAT-T or something along those lines and want
their VPN crap to work.  So, some of these customers of mine actually
hand out public IPs.   To make a long story short, their customers
either 1. get infected while there or 2. come in with infected machines
and in any event they end up flooding the network with crap.

What are some easy to use boxes out there that they could use to help
identify which customers of theirs are doing what (flooding, spreading
worms, spamming, etc) and shut them off accordingly ?

These are people who need something fairly easy to use, mostly point
and click type of stuff, that will give them a lot of information so
they can keep their networks under control.  I typically stay out of
this realm, I spend most of my time with simple libpcap based applications,
so I am looking for commercial suggestions.  Products like those from
Arbor Networks and Esphion look like they may be a little too much for
what my customers need, and probably too expensive for most as well.  But
if that is what it takes, I'd like to know.  

Thanks,

-c


More information about the cisco-nsp mailing list