[79854] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: BCP for ISP to block worms at PEs and NAS

daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Sun Apr 17 07:49:24 2005

Date: Sun, 17 Apr 2005 17:17:58 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
Reply-To: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Kim Onnel <karim.adel@gmail.com>
Cc: nanog@merit.edu
In-Reply-To: <e05f3929050417042830b496a8@mail.gmail.com>
Errors-To: owner-nanog@merit.edu


On 4/17/05, Kim Onnel <karim.adel@gmail.com> wrote:
>=20
> Can someone confirm if my approach explained below is sufficient and
> if there is other/better ways to do this ? something i am missing.
>=20

blocking netbios and 2..3 other ports is one way to go.

however, what you need is fast detection and nullrouting / walled
garden setup for infected machines on your LAN

Joe St.Sauver's presentation at
http://darkwing.uoregon.edu/~joe/zombies.pdf should help

--=20
Suresh Ramasubramanian (ops.lists@gmail.com)


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[79854] in North American Network Operators' Group

Re: BCP for ISP to block worms at PEs and NAS

daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)Sun Apr 17 07:49:24 2005

daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Sun Apr 17 07:49:24 2005