Recently, my employer has had successive network outages caused by blaster then nachi then sobig-f. In the case of nachi, for example, a limited number of systems were able to crash our entire network until we disabled all ping traffic. Of course, this caused other problems.

Earlier this week I was travelling on business and staying at a large hotel chain. They had ethernet service in the rooms. When I connected my laptop to their network and fired it up, I got a pop-up informing me of the wide distribution of blaster/nachi and suggesting (but not requiring) that I ensure that my system was properly patched. The pop-up noted that an unpatched and infected system might have trouble browsing the web. However, they did not seem concerned that an infected system might interfere with other users browsing the web. In fact, my browser functioned quite swiftly on their network.

Which brings us to my question. Is there a way to harden a network such that infected systems can live on that network without significantly affecting the bandwidth swallowed by the other users? What methods are other sysadmins on this list using to prevent network outages? How are others dealing with problems such as consultants or others plugging infected or unpatched laptops into their networks via DHCP or with home users connecting via VPN?

Any suggestions greatly appreciated. :)
Joshua Putnam
