nanog mailing list archives
Re: Quarantine your infected users spreading malware
From: Bill Nash <billn () odyssey billn net>
Date: Wed, 1 Mar 2006 10:25:18 -0500 (EST)
On Wed, 1 Mar 2006, David Nolan wrote:
>> Yeah, but it's not near as fun as dynamic acls updated via a script monitoring flow logs in real-time. It's definitely easier to implement, though.
>
> Interesting... That's actually basically what we were doing before, but phased out in favor of the URPF & host routes approach. We felt the URPF approach was much cleaner, and more efficient. A routing table lookup is more efficient than acl processing, particularly if you have significant numbers of rou and solved some problems we were having. It also solved some issues we had, including keeping dynamic acls synchronized between two redundant routers (HSRP pairs and/or redundant border routers).

I think when he said fun, he meant 'masochistic and nerve wracking, in a vaguely entertaining because we have scripts issuing and removing ACLs from our routing core kind of way.' I've built reactive firewalls before, but even I'd be leery of a reactive ACL implementation. /32 null route injection is far far easier to manage. =)
- billn
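
An added example, not part of the thread or any poster's scripts: one way to keep /32 null routes identical on a redundant router pair is to compute each router's commands from a single desired list instead of issuing changes ad hoc. The tag value 666, the protected prefixes, and the sample configurations are constructed assumptions.

```python
import ipaddress

TAG = "666"  # assumed marker: only routes carrying this tag belong to the tool
# Assumed prefixes that must never be blackholed (loopbacks, resolvers, mgmt).
PROTECTED = [ipaddress.ip_network(p) for p in ("192.0.2.0/28", "198.51.100.53/32")]

def validate(host):
    """Return host as an IPv4Address; raise ValueError if it must not be dropped."""
    addr = ipaddress.IPv4Address(host)  # rejects prefixes and malformed input
    for net in PROTECTED:
        if addr in net:
            raise ValueError(f"{addr} is inside protected prefix {net}")
    return addr

def installed_quarantines(config_text):
    """Tagged /32 Null0 static routes found in one router's configuration."""
    found = set()
    for line in config_text.splitlines():
        parts = line.split()
        if parts[:2] == ["ip", "route"] and parts[3:] == ["255.255.255.255", "Null0", "tag", TAG]:
            found.add(ipaddress.IPv4Address(parts[2]))
    return found

def reconcile(desired_hosts, config_text):
    """Commands that move one router to the desired quarantine set."""
    desired = {validate(h) for h in desired_hosts}
    have = installed_quarantines(config_text)
    add = [f"ip route {a} 255.255.255.255 Null0 tag {TAG}" for a in sorted(desired - have)]
    drop = [f"no ip route {a} 255.255.255.255 Null0" for a in sorted(have - desired)]
    return add + drop

# Constructed sample configs: the pair has drifted, and router A also carries an
# untagged null route owned by someone else, which must be left alone.
ROUTER_A = """ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 203.0.113.40 255.255.255.255 Null0 tag 666
ip route 203.0.113.99 255.255.255.255 Null0"""
ROUTER_B = "ip route 203.0.113.41 255.255.255.255 Null0 tag 666"
DESIRED = ["203.0.113.40", "203.0.113.77"]

if __name__ == "__main__":
    for name, cfg in (("A", ROUTER_A), ("B", ROUTER_B)):
        print(name, reconcile(DESIRED, cfg))
```

Running the same reconciliation against both routers converges them on one set of host routes, and an empty command list means the router already matches.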