[c-nsp] Product suggestions for internal worm/virus/compromise mitigation
Matt Buford
matt at overloaded.net
Tue Jun 14 19:42:04 EDT 2005
Chris Cappuccio wrote:
> I have several customers who have open customer access (such as hotels,
> campgrounds, coffee shops, etc.) who often have customers coming and going
> (staying a week or less generally). Many people who come in want public
> IPs because they can't do NAT-T or something along those lines and want
> their VPN crap to work. So, some of these customers of mine actually
> hand out public IPs. To make a long story short, their customers
> either 1. get infected while there or 2. come in with infected machines
> and in any event they end up flooding the network with crap.
This doesn't answer your question, but the problem can be mitigated with the
right setup. Private VLANs can keep hosts from reaching each other, and a
stateful firewall between the Internet and the hosts can allow them to have
public IPs without being reachable from outside scans. This doesn't do
anything for detection of those already infected when they arrived, but it
does make it unlikely that people will become infected while on these
networks.
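
The setup described in the reply above, sketched as a Cisco IOS configuration. This is an added example, not part of the original post: the VLAN numbers, interface names, ACL and inspection-rule names, and the guest prefix 192.0.2.0/24 (a documentation range) are all assumptions, and private VLAN support depends on the switch platform.

```cisco
! --- Access switch: guest ports cannot talk to each other ---
! Private VLANs on many Catalyst platforms require VTP transparent mode.
vtp mode transparent
!
vlan 101
 private-vlan isolated
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Guest-facing port: isolated, reaches only the promiscuous port.
interface FastEthernet0/1
 description Guest drop (assumed name)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Uplink toward the firewall/router: promiscuous, reaches every guest port.
interface GigabitEthernet0/1
 description Uplink to firewall (assumed name)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! --- Router: stateful inspection so public guest IPs are not scannable ---
! Sessions opened by guests are tracked; return traffic is let back in.
ip inspect name GUEST-OUT tcp
ip inspect name GUEST-OUT udp
ip inspect name GUEST-OUT icmp
!
! Nothing unsolicited from the Internet reaches the guest prefix.
! Assumption: guests run IPsec without NAT-T, as in the quoted message.
! ESP (IP protocol 50) is not tracked by the inspection rule, so its
! return traffic needs an explicit permit; IKE on UDP/500 is covered by
! the udp inspection entry above.
ip access-list extended FROM-INTERNET
 permit esp any 192.0.2.0 0.0.0.255
 deny   ip any any log
!
interface Serial0/0
 description Internet uplink (assumed name)
 ip access-group FROM-INTERNET in
 ip inspect GUEST-OUT out
```

The `log` keyword on the final deny gives a record of inbound scan traffic aimed at the guest range, which is useful when checking that the filter is doing its job.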