Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: filtering whitehouse.gov?

  • From: Sabri Berisha
  • Date: Sun Jul 22 05:55:07 2001

On Sat, 21 Jul 2001, Jon O . wrote:

> I understand your need to do something like this, but you are
> essentially causing the worm to fulfill its goal and
> censoring your customers. I worried that many people would do this.

> Why not just use outbound Cisco ACLs on your CPE, Core, and Border
> routers to permit and log the traffic to the one IP address being
> attacked and then contact the people who have hacked machines? Or,
> if you must use the ACLs to deny the packets with the goal of
> identifying machines and getting them fixed.

Outbound ACLs are an option but then you would have to be sure that they
are sending the packets to port 80.

> access-list 199 permit tcp any host 198.137.240.91 eq 80 log
> access-list 199 permit tcp any host 198.137.240.92 eq 80 log
>
> You should already be logging packets to a syslog server.

We already log every packet coming by on a machine which counts the
traffic so any infected box will be identified soon.

> To make deny rules just change the permit to deny. However, this is
> kind of drastic and almost amounts to censorship.

Censorship is a way to see it; I prefer to call it operational prevention
of a DoS attack. The risk of "censoring" two IPs over DoS'ing an entire
network is one I can explain to angry customers (if there are any).

-- 
/* Sabri Berisha CCNA,BOFH,+iO        O.O        speaking for just myself
 * Join HAL!!: www.HAL2001.org ____oOo_U_oOo____ http://www.bit.nl/~sabri
 *  "We deliver quality services, we just can't get it on the internet"
 *   Anonymous sysadmin - on IRC                                       */
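As an added example, not from the thread or either poster, the kind of sorting of the router's log output that the `permit ... log` entries quoted above would call for: it parses IOS `%SEC-6-IPACCESSLOGP` messages and tallies which source addresses sent packets to the two listed whitehouse.gov addresses on tcp/80. The sample syslog lines are constructed; the message format is the one IOS emits for an access-list entry with the `log` keyword, and the packet threshold is an assumption.

```python
import re
from collections import Counter

# The two destination addresses from access-list 199 in the thread.
WATCHED_DESTS = {"198.137.240.91", "198.137.240.92"}

# Shape of the IOS message produced by an ACE with the "log" keyword:
# list number, action, protocol, src(port) -> dst(port), packet count.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\d+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample syslog lines (not real traffic): two hosts repeatedly
# hitting the watched addresses on port 80, one single hit, and an unrelated
# entry from a different list that must be ignored.
SAMPLE_LOG = """\
Jul 21 23:01:02 edge1 1234: %SEC-6-IPACCESSLOGP: list 199 permitted tcp 10.20.30.40(1032) -> 198.137.240.91(80), 1 packet
Jul 21 23:01:03 edge1 1235: %SEC-6-IPACCESSLOGP: list 199 permitted tcp 10.20.30.40(1033) -> 198.137.240.92(80), 1 packet
Jul 21 23:01:05 edge1 1236: %SEC-6-IPACCESSLOGP: list 199 permitted tcp 10.20.30.41(2001) -> 198.137.240.91(80), 3 packets
Jul 21 23:01:09 edge1 1237: %SEC-6-IPACCESSLOGP: list 199 permitted tcp 10.20.30.42(4000) -> 198.137.240.91(80), 1 packet
Jul 21 23:01:10 edge1 1238: %SEC-6-IPACCESSLOGP: list 199 permitted tcp 10.20.30.40(1034) -> 198.137.240.91(80), 1 packet
Jul 21 23:01:11 edge1 1239: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.20.30.50(53) -> 10.20.30.1(53), 1 packet
"""


def parse_acl_log(text):
    """Yield one dict per ACL log message; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])
            yield rec


def suspect_hosts(text, acl="199", min_packets=2):
    """Map source IP -> packets for sources that sent at least min_packets
    (assumed threshold) to the watched hosts on tcp/80 via the given list."""
    totals = Counter()
    for rec in parse_acl_log(text):
        if (rec["acl"] == acl and rec["proto"] == "tcp"
                and rec["dport"] == "80" and rec["dst"] in WATCHED_DESTS):
            totals[rec["src"]] += rec["count"]
    return {ip: n for ip, n in totals.items() if n >= min_packets}
```

Only traffic the ACL actually logged is visible here, so, as the reply notes, packets sent to ports other than 80 never show up in the tally.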