[112616] in North American Network Operators' Group
Re: Dynamic IP log retention = 0?
daemon@ATHENA.MIT.EDU (Brett Charbeneau)
Wed Mar 11 10:55:56 2009
Date: Wed, 11 Mar 2009 10:55:43 -0400 (EDT)
From: Brett Charbeneau <brett@wrl.org>
To: William Allen Simpson <william.allen.simpson@gmail.com>
In-Reply-To: <49B7CDC6.8070304@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Wed, 11 Mar 2009, William Allen Simpson wrote:
WAS> While I applaud your taking security seriously, and your active monitoring
WAS> of your resources, other folks might be handling huge numbers of Conficker,
WAS> Mebroot, and Torpig infections these days. So, they might be rather busy.
Excellent point. And with dwindling staff levels outgoing worm traffic
may be super low priority for them.
I know every operation is different - I just wanted to check with the
group before cranking up my level of indignation. =8^)
WAS> Are your library systems all clean?
I believe them to be. I have a Snort-based network intrusion detection
system (using sguil) running with eight taps - and we subscribe to the Snort VRT
rules. That's on top of host-based intrusion (OSSEC) on all of our servers and
critical workstations. And centrally-managed anti-virus (Kaspersky) on all
desktops.
WAS> You don't seem to have your own ARIN allocation for wrl.org, so it's kinda
WAS> hard to tell from here....
WAS>
WAS> AS | IP | AS Name
WAS> 4565 | 66.200.204.71 | MEGAPATH2-US - MegaPath Networks Inc.
Yes - while we handle our own DNS our ISP prefers to mask our ARIN
entry for (their) ease of management. I try to be the anti-salmon with this and
go WITH the flow...
--
********************************************************************
Brett Charbeneau, GSEC Gold, GCIH Gold
Network Administrator
Williamsburg Regional Library
7770 Croaker Road
Williamsburg, VA 23188-7064
(757)259-4044 www.wrl.org
(757)259-4079 (fax) brett@wrl.org
********************************************************************