[c-nsp] Product suggestions for internal worm/virus/compromise mitigation

Matt Buford matt at overloaded.net
Tue Jun 14 19:42:04 EDT 2005


Chris Cappuccio wrote:
> I have several customers who have open customer access (such as hotels,
> campgrounds, coffee shops, etc.) who often have customers coming and going
> (staying a week or less generally).  Many people who come in want public
> IPs because they can't do NAT-T or something along those lines and want
> their VPN crap to work.  So, some of these customers of mine actually
> hand out public IPs.   To make a long story short, their customers
> either 1. get infected while there or 2. come in with infected machines
> and in any event they end up flooding the network with crap.

This doesn't answer your question, but the problem can be mitigated with the 
right setup.  Private VLANs can keep hosts from reaching each other, and a 
stateful firewall between the Internet and the hosts can allow them to have 
public IPs without being reachable from outside scans.  This doesn't do 
anything for detection of those already infected when they arrived, but it 
does make it unlikely that people will become infected while on these 
networks.
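As an added illustration of the setup Matt describes (this is not configuration from either poster; it is an example written for this archive), below is an IOS configuration for a Catalyst access switch with a private VLAN and a gateway router running CBAC as the stateful firewall. VLAN numbers, interface names, the guest prefix 192.0.2.0/24 and the outside address are all assumptions; the "before" fragment at the top shows the flat-VLAN, unfiltered layout the post is reacting to.

```cisco
! --- BEFORE (assumed typical guest setup): one flat VLAN, guests on public
! --- IPs, no filtering.  Every guest port reaches every other guest port and
! --- every guest host is reachable from the Internet.
!
! interface FastEthernet0/5
!  switchport mode access
!  switchport access vlan 100
!
! --- AFTER: private VLAN on the access switch plus stateful inspection on
! --- the gateway router.  All numbers and names below are assumptions.
!
! ===== Access switch (Catalyst) =====
vtp mode transparent
!
vlan 100
 name GUEST-PRIMARY
 private-vlan primary
 private-vlan association 101
!
vlan 101
 name GUEST-ISOLATED
 private-vlan isolated
!
! Guest-facing ports are isolated host ports: a frame entering one isolated
! port is never switched to another isolated port, so a worm on one guest
! machine cannot scan or infect its neighbours at layer 2.
interface range FastEthernet0/1 - 24
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
 spanning-tree portfast
!
! Uplink to the gateway router is a promiscuous port, reachable from every
! isolated host.  It is the only path guests have to anything.
interface GigabitEthernet0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! ===== Gateway router (IOS with CBAC) =====
! Guests keep real public addresses (constructed example prefix 192.0.2.0/24),
! so NAT-T style VPN problems go away, but nothing on the Internet can open a
! connection to them.
!
! Inbound on the outside interface: drop everything by default and log it.
! CBAC inserts temporary permit entries ahead of this ACL for sessions that a
! guest opened from the inside, so return traffic still gets through.
ip access-list extended FROM-INTERNET
 deny   ip any any log
!
! Inspection rule: track guest-initiated TCP, UDP and ICMP sessions.
ip inspect name GUEST-OUT tcp
ip inspect name GUEST-OUT udp
ip inspect name GUEST-OUT icmp
!
interface FastEthernet0/0
 description Outside (Internet)
 ip address 198.51.100.2 255.255.255.252
 ip access-group FROM-INTERNET in
!
interface FastEthernet0/1
 description Guest network, wired to the switch's promiscuous uplink port
 ip address 192.0.2.1 255.255.255.0
 ! local-proxy-arp would let the router answer ARP on behalf of guests and
 ! forward guest-to-guest traffic, undoing the private VLAN.  Keep it off.
 no ip local-proxy-arp
 no ip redirects
 ip inspect GUEST-OUT in
```

The two halves do different jobs: the private VLAN stops guest-to-guest spread inside the site, and the inspection rule on the inside interface plus the deny-all ACL on the outside stop inbound scans from reaching a public-IP guest while still letting guest-initiated sessions (including VPN traffic) work. As Matt notes, neither detects a host that arrived already infected; the logged denies on FROM-INTERNET show inbound scan attempts, but outbound scanning by a guest would have to be watched on the guest-facing interface separately.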
