Re: BCP for ISP to block worms at PEs and NAS

North American Network Operators Group

Re: BCP for ISP to block worms at PEs and NAS

From: Suresh Ramasubramanian
Date: Sun Apr 17 07:50:07 2005

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=PSR7cJrjkBRAHnexvF2+pDLAGV5vTQ8oLlFcJk/UZhzUJTnjD0X3x1jD+6S7QAC5sCSJWJWtEf1ybth8+dMQvCEY2j6JVgiCqj1akaB2j3mGJzrHDl8lTshS/X2DfwViltGQGlIduJyhuQtvgRbNkrddQFFWRiHAFCczkrRWjPs=

On 4/17/05, Kim Onnel <[email protected]> wrote:
> 
> Can someone confirm if my approach explained below is sufficient and
> if there is other/better ways to do this ? something i am missing.
> 

blocking netbios and 2..3 other ports is one way to go.

however, what you need is fast detection and nullrouting / walled
garden setup for infected machines on your LAN

Joe St.Sauver's presentation at
http://darkwing.uoregon.edu/~joe/zombies.pdf should help

-- 
Suresh Ramasubramanian ([email protected])

References:
- BCP for ISP to block worms at PEs and NAS Kim Onnel

Prev by Date: BCP for ISP to block worms at PEs and NAS
Next by Date: RE: cost of doing business (was:Re: OpenTransit (france telecom) depeers cogent)
Date Index
Thread Index
Author Index
Historical