North American Network Operators Group

Re: Automatic shutdown of infected network connections
On Wed, Sep 03, 2003 at 07:39:17AM -0500, Matthew S. Hallacy wrote:
>
> On Tue, Sep 02, 2003 at 09:59:51AM -0500, Jonathan Crockett wrote:
> > I work for a cable modem provider. What we came up with is a modem config
> > that allows http, pop, and smtp while cutting the allowed bandwidth to 56k
> > upstream and 56k downstream. This way they can still get the needed updates,
> > but are not able to blast our network. Secondary effect is that customer
> > will call in and complain about slow speeds, then our techs can tell them why
> > they are slow and inform them how to fix the problem.
>
> Why in the world would you do that? The DOCSIS specification allows for
> filtering rules at the CPE, which means you could simply block icmp echo
> and ports 135-139+445 directly at their home network, causing no load
> whatsoever on your network, _and_ no more infected boxes (even at 56k).

The modem _is_ the CPE. There's no load on the network; just CPU on the
modem. "modem config" != "CMTS config".

> Besides, have you ever tried updating an XP system at 56k? It could
> literally take days.

You may have a point there.

-- 
Nathan Norman - Incanus Networking mailto:[email protected]
  Perilous to all of us are the devices of an art deeper than we ourselves
  possess.
  -- Gandalf the Grey