[129500] in North American Network Operators' Group
Re: NOC Automation / Best Practices
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Sep 8 16:49:19 2010
From: Owen DeLong <owen@delong.com>
In-Reply-To: <6A4EBE06CF13034585C3F773EAF836A33B897E0A@exsrv01.hotzecom.local>
Date: Wed, 8 Sep 2010 13:45:13 -0700
To: Martin Hotze <M.Hotze@hotze.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sep 8, 2010, at 9:59 AM, Martin Hotze wrote:
>> -----Original Message-----
>> Date: Wed, 08 Sep 2010 08:54:20 -0700
>> From: Charles N Wyble <charles@knownelement.com>
>> Subject: NOC Automation / Best Practices
>> To: nanog@nanog.org
>>
>> NOGGERS,
>>
>> (...)
>> The way I see it, an ounce of prevention is worth a pound of cure. Along
>> those lines, I'm putting in some mitigation techniques, as follows
>> (hopefully this will reduce the number of incidents and therefore calls
>> to the abuse desk). I would appreciate any feedback folks can give me.
>>
>> A) Force any outbound mail through my SMTP server with AV/spam filtering.
>> B) Force HTTP traffic through a SQUID proxy with SNORT/ClamAV running
>> (several other WISPs are doing this with fairly substantial bandwidth
>> savings. However I realize that many sites aren't cache friendly. Anyone
>> know of a good way to check for that? Look at HTTP headers?). Do the
>> bandwidth savings/security checking outweigh the increased support calls
>> due to "broken" web sites?
>> C) Force DNS to go through my server. I hope to reduce DNS hijacking
>> attacks this way.
>>
>> Thanks!
>
> For either A, B or C you won't get my business, let alone a combination of all 3. *wah!* There is too much FORCE here. :-)
>
> #m
>
+1
Owen