nanog mailing list archives
Re: FBI tells the public to call their ISP for help
From: Jack Bates <jbates () brightok net>
Date: Thu, 14 Jun 2007 09:23:54 -0500
Sean Donelan wrote: <snip>
Since many Microsoft patches are only legally available via the Internet, and an ISP can not predict which servers Microsoft will use to distribute Microsoft patches, ISPs must enable essentially full Internet access which includes access for most worms.
<snip>May I recommend developing an in house method for allowing the customer only access to your servers (web, dns, proxy, etc), and then apply filters for everything else except for tcp/80. If you wanted to be additionally paranoid, you could even allow only established tcp/80 connections back to the customer.
Once updated, customer could establish contact to have filters removed, or an automated web process you be created.
It's a ton of work, and there are any number of ways to do it. A lot depends on your network. It can be done, though.
Jack
Current thread:
- FBI tells the public to call their ISP for help Sean Donelan (Jun 13)
- Re: FBI tells the public to call their ISP for help Roland Dobbins (Jun 13)
- Re: FBI tells the public to call their ISP for help Sean Donelan (Jun 13)
- Re: FBI tells the public to call their ISP for help John Levine (Jun 13)
- Re: FBI tells the public to call their ISP for help Sean Donelan (Jun 14)
- RE: FBI tells the public to call their ISP for help michael.dillon (Jun 14)
- Re: FBI tells the public to call their ISP for help Kradorex Xeron (Jun 14)
- Re: FBI tells the public to call their ISP for help Per Heldal (Jun 15)
- RE: FBI tells the public to call their ISP for help Frank Bulk (Jun 16)
- Re: FBI tells the public to call their ISP for help Alexander Harrowell (Jun 17)
- Re: FBI tells the public to call their ISP for help Sean Donelan (Jun 14)
- Re: FBI tells the public to call their ISP for help Roland Dobbins (Jun 13)
- Re: FBI tells the public to call their ISP for help Jack Bates (Jun 14)
- Re: FBI tells the public to call their ISP for help Sean Donelan (Jun 14)
- Re: FBI tells the public to call their ISP for help Owen DeLong (Jun 14)
- Re: FBI tells the public to call their ISP for help Jim Popovitch (Jun 14)
- Re: FBI tells the public to call their ISP for help Owen DeLong (Jun 14)
- Re: FBI tells the public to call their ISP for help Florian Weimer (Jun 15)
- Re: FBI tells the public to call their ISP for help Owen DeLong (Jun 15)
- Re: FBI tells the public to call their ISP for help Florian Weimer (Jun 15)
- Re: FBI tells the public to call their ISP for help Kevin Day (Jun 15)
- Re: FBI tells the public to call their ISP for help Fred Baker (Jun 15)
- Re: FBI tells the public to call their ISP for help Florian Weimer (Jun 16)