[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: compromised machines and entire network health

To: akachler_(_at_)_telcom_(_dot_)_net
Subject: Re: compromised machines and entire network health
From: Chuck Swiger <cswiger_(_at_)_mac_(_dot_)_com>
Date: Thu, 13 Jul 2006 14:11:32 -0400
Cc: freebsd-isp_(_at_)_freebsd_(_dot_)_org

Arie Kachler wrote:

In the past several years, we have had a few incidents of servers ofcustomers that are compromised and then flood our entire network andbring down almost everything. The sql slammer worm for example.
Is there a solution to this?

Several. Egress filtering on your routers with logging to identify infectedmachines sooner rather than later is probably the single most useful thing youcould do.

You could also set up a honeynet or teergrube which will slow down worms andreduce their rate of spread.


More complicated solutions involve bandwidth shaping via dummynet or ALTQ, etc.

--
-Chuck
_______________________________________________
freebsd-isp_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe_(_at_)_freebsd_(_dot_)_org"

References:
- compromised machines and entire network health
  - From: Arie Kachler

Prev by Date: Re: compromised machines and entire network health
Next by Date: Password file
Previous by thread: Re: compromised machines and entire network health
Next by thread: Password file
Index(es):
- Date
- Thread

Visit your host, monkey.org