North American Network Operators Group

Re: Homeland Security Alert System
Okay, I'll bite...

--- Sean Donelan <[email protected]> wrote:
>
> On Fri, 21 Feb 2003, Martin Hannigan wrote:
> Isn't your NOC normally vigilant? Of course.
> > Perhaps even use different sets of ACL's on the edge, etc. It could also
> > be used to explain an unexpected surge in traffic, calls, or other things.
> > Ever look at some traffic stats and see a major surge and want to make
> > sure you understand why?
>
> Again wouldn't you also do all of these things "normally?" If an ACL is a
> good idea at "Orange" wouldn't you protect your network with those ACL's
> when the level is "Yellow." Or would you remove those ACL's when the
> threat level is reduced. How would you explain to your management when
> you are hacked at level "Yellow" you had better ACL's, but you only used
> the good ACL's at level "Orange."

Well, an example could be "if threat level is yellow, permit traffic from $foreign_country_x, but if it goes to orange, deny all from $foreign_country_x, or perhaps log all from there."

I know that there are certain ISPs which deny all mail traffic from certain ASes, because of the volume of Spam. The same principle could be at work here:

if (threat_level++) then deny(unknown_from_Source[nasty]) else permit.

-David Barak
fully RFC 1925 compliant