[56062] in North American Network Operators' Group
Re: M$SQL cleanup incentives
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Sat Feb 22 18:00:26 2003
Date: Sat, 22 Feb 2003 17:59:43 -0500 (EST)
From: jlewis@lewis.org
To: Stephen Sprunk <stephen@sprunk.org>
Cc: Doug Clements <dsclements@linkline.com>,
William Allen Simpson <wsimpson@greendragon.com>,
North American Noise and Off-topic Gripes <nanog@nanog.org>
In-Reply-To: <00c101c2dabc$242a8b70$93b58742@ssprunk>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 22 Feb 2003, Stephen Sprunk wrote:
> As one hoster put it to me, DoS and worm traffic is billable so it's not in
> the hoster's interests to protect customers -- quite the opposite in fact.
Whether or not the traffic is billable is irrelevant if your network is
effectively down. One infected host connected to a 2900XL effectively
kills the switch. I was fortunate enough to be on vacation and not even
have net access when the initial slammer wave hit. But when I was back
and on-call, we had a single customer get (re-?)infected, killing the
switch they were on and noticably slowing down the network for the whole
POP.
> What will you do when a similar worm appears on 53/udp or some other
> heavily-used port? We lucked out with Sapphire because MS/SQL is generally
Be screwed unless we've completed planned upgrades. But in this case, I
can filter until we've upgraded our network to hardware that's better able
to deal with such traffic. Just because filtering might not always work
doesn't mean it shouldn't be done when it does work.
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
