[83515] in North American Network Operators' Group
Re: zotob - blocking tcp/445
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Wed Aug 17 13:35:04 2005
Date: Wed, 17 Aug 2005 17:34:29 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <43035546.4080204@emmanuelcomputerconsulting.com>
To: William Warren <hescominsoon@emmanuelcomputerconsulting.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Wed, 17 Aug 2005, William Warren wrote:
>
> I may be off base here. Can't an ips look at the traffic; say on 443
> and figure out whether the traffic is malicious or not? If so then let
> it filter it. I know IPS's aren't perfect, but, i would prefer this
> router be taken, if available and sensible including network outage or
> DDOS, than a hard block. A quick block to mitigate and then an IPS rule
and you have an IPS that works on oc-192 SONET links? what about the
coming oc-768?
