[129495] in North American Network Operators' Group
RE: NOC Automation / Best Practices
daemon@ATHENA.MIT.EDU (Martin Hotze)
Wed Sep 8 12:59:26 2010
From: Martin Hotze <M.Hotze@hotze.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Wed, 8 Sep 2010 16:59:14 +0000
In-Reply-To: <mailman.1384.1283964375.813.nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> Date: Wed, 08 Sep 2010 08:54:20 -0700
> From: Charles N Wyble <charles@knownelement.com>
> Subject: NOC Automation / Best Practices
> To: nanog@nanog.org
>
> NOGGERS,
>
> (...)
> The way I see it, an ounce of prevention is worth a pound of cure. Along
> those lines, I'm putting in some mitigation techniques, as follows
> (hopefully this will reduce the number of incidents and therefore calls
> to the abuse desk). I would appreciate any feedback folks can give me.
>
> A) Force any outbound mail through my SMTP server with AV/spam
> filtering.
> B) Force HTTP traffic through a SQUID proxy with SNORT/ClamAV running
> (several other WISPs are doing this with fairly substantial bandwidth
> savings. However I realize that many sites aren't cache friendly. Anyone
> know of a good way to check for that? Look at HTTP headers?). Do the
> bandwidth savings/security checking outweigh the increased support calls
> due to "broken" web sites?
> C) Force DNS to go through my server. I hope to reduce DNS hijacking
> attacks this way.
>
> Thanks!
For either A, B or C you won't get my business, let alone a combination of
all 3. *wah!* There is too much FORCE here. :-)
#m