North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: M$SQL cleanup incentives
- From: Stephen Sprunk
- Date: Sat Feb 22 16:51:36 2003
Thus spake <email@example.com>
> If your network is able to contain slammer infected boxes without
> melting down, who cares if you have a few infected customers? You
> don't need to filter, and they'll all be encouraged to fix their systems
As one hoster put it to me, DoS and worm traffic is billable so it's not in
the hoster's interests to protect customers -- quite the opposite in fact.
> I don't believe we'll have to filter 1434/udp forever, but I plan to leave
> the filters in place until we no longer need them or until they hurt more
> than they help.
What will you do when a similar worm appears on 53/udp or some other
heavily-used port? We lucked out with Sapphire because MS/SQL is generally
safe to block on public networks, but its speed can be easily applied to
other protocols we can't afford to block.
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking