nanog mailing list archives
Re: Automatic shutdown of infected network connections
From: "Matthew S. Hallacy" <poptix () techmonkeys org>
Date: Wed, 3 Sep 2003 10:45:26 -0500
On Wed, Sep 03, 2003 at 07:20:28AM -0500, Nathan E Norman wrote:
On Wed, Sep 03, 2003 at 07:39:17AM -0500, Matthew S. Hallacy wrote:Why in the world would you do that? the DOCSIS specification allows for filtering rules at the CPE, which means you could simply block icmp echo and ports 135-139+445 directly at their home network, causing no load whatsoever on your network, _and_ no more infected boxes (even at 56k).The modem _is_ the CPE. There's no load on the network; just CPU on the modem. "modem config" != "CMTS config".
I think that's exactly what I said, perhaps you misread my comment. My point was that you're rate limiting and filtering customers for no reason when you have the ability to filter the attack vectors in a very effective and 'clean' way. You should consider leaving those ports filtered seeing how they're the #1 way for windows systems to be infected/hijacked. -- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
Current thread:
- Re: Automatic shutdown of infected network connections Jonathan Crockett (Sep 02)
- Re: Automatic shutdown of infected network connections Matthew S. Hallacy (Sep 03)
- Re: Automatic shutdown of infected network connections Nathan E Norman (Sep 03)
- Re: Automatic shutdown of infected network connections Matthew S. Hallacy (Sep 03)
- Re: Automatic shutdown of infected network connections Nathan E Norman (Sep 03)
- Re: Automatic shutdown of infected network connections Matthew S. Hallacy (Sep 03)
- Re: Automatic shutdown of infected network connections Nathan E Norman (Sep 03)
- Message not available
- Re: Automatic shutdown of infected network connections Nathan E Norman (Sep 03)
- Re: Automatic shutdown of infected network connections Matthew S. Hallacy (Sep 03)
- Re: Automatic shutdown of infected network connections Mike Tancsa (Sep 03)
- Re: Automatic shutdown of infected network connections Roland Perry (Sep 03)
- <Possible follow-ups>
- Re: Automatic shutdown of infected network connections Chris Lewis (Sep 03)