nanog mailing list archives
Re: What do you want your ISP to block today?
From: Ray Wong <rayw () rayw net>
Date: Sat, 30 Aug 2003 12:13:45 -0700
On Sat, Aug 30, 2003 at 02:53:46PM -0400, Valdis.Kletnieks () vt edu wrote:
> On Sat, 30 Aug 2003 14:09:40 EDT, Joe Abley said:
> > That won't save them when the time required to download the patch set is an order of magnitude greater than the mean time to infection.
>
> This, in fact, is the single biggest thorn in our side at the moment. It's hard to adopt a pious "patch your broken box" attitude when the user can't get it patched without getting 0wned first...

how about ACLing them?

upstream from customer:

    permit udp <customer> <ISP's nameservers> port 53
    permit tcp <customer> <windowsupdaterange> port 80(?)

for as much of the windows update range as can be found. Since they've recently akamai'zed, this is somewhat predictable.

Downstream, you can either setup stateful, or just be lazy and hope that allowing estab flag is enough...

ACL can be either templated or genericized for the OS. (replacing <customer> with any means the customer pvc (assuming DSL) can only hit microsoft regardless of spoofing.)

Similar ACLs can be setup for Solaris, OSX, even various flavors of linux. being able to at least semi-automate router config changes is a requisite, but not insurmountable.

This will, no doubt, increase support calls. How much compared to a pervasive work is left as an exercise to the reader.

--
Ray Wong
rayw () rayw net
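
An added model of the ACL proposed in the message above, not part of Ray Wong's post or the list archive: it evaluates the two upstream permits with `<customer>` as a specific address and as `any`, and a flag-only "established" match downstream. The addresses are constructed from documentation ranges, and treating "established" as "TCP with ACK or RST set" is an assumption.

```python
import ipaddress
from collections import namedtuple

# Constructed values from documentation ranges; the post gives only placeholders.
CUSTOMER = ipaddress.ip_network("192.0.2.10/32")
RESOLVERS = ipaddress.ip_network("198.51.100.53/32")   # <ISP's nameservers>
UPDATE_RANGE = ipaddress.ip_network("203.0.113.0/24")  # <windowsupdaterange>
ANY = ipaddress.ip_network("0.0.0.0/0")

# flags holds the TCP flags that are set; it stays empty for UDP.
Packet = namedtuple("Packet", "proto src dst dport flags", defaults=[frozenset()])

def upstream_acl(customer):
    """The two permits from the post; anything unmatched is dropped."""
    return [("udp", customer, RESOLVERS, 53), ("tcp", customer, UPDATE_RANGE, 80)]

def permitted(acl, pkt):
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    return any(pkt.proto == proto and src in s and dst in d and pkt.dport == port
               for proto, s, d, port in acl)

def stateless_established(pkt):
    """Assumed flag-only match: TCP with ACK or RST set, no connection table."""
    return pkt.proto == "tcp" and bool(pkt.flags & {"ACK", "RST"})

def evaluate():
    outbound = {
        "dns": Packet("udp", "192.0.2.10", "198.51.100.53", 53),
        "update": Packet("tcp", "192.0.2.10", "203.0.113.20", 80, {"SYN"}),
        "elsewhere": Packet("tcp", "192.0.2.10", "198.51.100.200", 80, {"SYN"}),
        "spoofed_src": Packet("tcp", "10.9.9.9", "198.51.100.200", 80, {"SYN"}),
        "spoofed_to_update": Packet("tcp", "10.9.9.9", "203.0.113.20", 80, {"SYN"}),
    }
    inbound = {
        "update_synack": Packet("tcp", "203.0.113.20", "192.0.2.10", 1025, {"SYN", "ACK"}),
        "unsolicited_ack": Packet("tcp", "198.51.100.200", "192.0.2.10", 1025, {"ACK"}),
        "inbound_syn": Packet("tcp", "198.51.100.200", "192.0.2.10", 80, {"SYN"}),
        "dns_reply": Packet("udp", "198.51.100.53", "192.0.2.10", 1025),
    }
    strict, generic = upstream_acl(CUSTOMER), upstream_acl(ANY)
    # Each upstream result is (customer-specific ACL, ACL with "any" as source).
    up = {n: (permitted(strict, p), permitted(generic, p)) for n, p in outbound.items()}
    down = {n: stateless_established(p) for n, p in inbound.items()}
    return up, down

if __name__ == "__main__":
    for table in evaluate():
        for name, result in table.items():
            print(f"{name:18} {result}")
```

The `False` for `dns_reply` shows that a flag-only downstream rule does not cover the resolver's UDP answers, so a stateless downstream ACL needs its own permit for them.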