We keep hearing about crypto-malware spreading and one of the last ones I heard, the report was that IT staff was actively shutting down devices and unplugging cables.
Obviously this is not a great strategy for preventing the spread of crypto-malware, but...what if we had an elegant mechanism for doing this?
I've got scripts that automatically walk through switches and figure out neighborships, I could write something that could figure out if a port is: a) an access port, b) not a trunk port, c) not a port with 3+ MAC addresses on it and likely a switch, d) a VMware MAC in which case it is shutdown, e) lldp or cdp info shows if it is a switch or router, f) not the port facing the default gateway etc etc.
Assuming all those conditions are met, we might be able to have a network OFF switch. This is far more elegant than running around shutting down switches and pulling cables, and it allows admins to slowly restore service to the network as they proceed with cleaning systems.
So I can do this. But maybe someone else has done something already? Or maybe it is just a stupid idea and it isn't worth looking into.
No comments:
Post a Comment