North American Network Operators Group


RE: Router / Protocol Problem

  • From: Michael.Dillon
  • Date: Thu Sep 07 08:11:38 2006

> > Apparently somehow this connection is being
> > matched via NBAR for good old Code Red.

> Best moved to cisco-nsp.

What!?
Network operator discovers that measures taken to mitigate
an old network security measure, long past their sell-by
date, are now causing random grief. Seems to me like
bang on topic for NANOG. What other such temporary mitigating
measures are still in place long after the danger has passed?

Note that Code Red was both an application vulnerability
and a network DDoS. Even though there are likely still many
hosts running the vulnerable application, the number is not
sufficient to cause another massive DDoS, and measures taken
to protect against this particular peculiar DDoS really
don't have a good technical reason to remain in place.

This is probably also another instance of the well-known
ops problem: We know how to get stuff deployed but we
can't undeploy stuff because we are too busy deploying
other stuff.

--Michael Dillon
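The question above (which stale mitigations are still sitting in production configs) is easy to answer for the Code Red case once you can find the NBAR class-maps that implement it. The script below is an added example for this thread, not something from the original post or from Cisco: it parses an IOS-style configuration dump, reports class-maps whose `match protocol http url` entries carry the Code Red era patterns (`default.ida`, `cmd.exe`, `root.exe`), and lists the policy-maps that reference them, since those have to be edited before the class-map can be removed. The IOS syntax and the URL patterns are assumptions based on the widely circulated Code Red filtering guidance; the sample configuration is constructed for illustration.

```python
"""Audit an IOS-style config dump for leftover Code Red NBAR match rules.

Added example for this thread, not part of the original post. The class-map /
policy-map syntax and the URL patterns below are assumptions drawn from the
commonly published Code Red NBAR guidance; SAMPLE_CONFIG is constructed.
"""
import re
from typing import Dict, List

# URL fragments typically found in Code Red era NBAR class-maps (assumption).
LEGACY_URL_PATTERNS = ("default.ida", "cmd.exe", "root.exe")

# Constructed sample: a 2001-vintage class-map still wired into an interface
# policy, next to an unrelated class-map that should not be flagged.
SAMPLE_CONFIG = """\
!
class-map match-any http-hacks
 match protocol http url "*default.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
!
class-map match-all voice
 match dscp ef
!
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
interface GigabitEthernet0/1
 service-policy input mark-inbound-http-hacks
!
"""


def parse_class_maps(config: str) -> Dict[str, List[str]]:
    """Return {class-map name: [NBAR http url patterns]} from a config dump."""
    class_maps: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"^class-map\s+(?:match-(?:any|all)\s+)?(\S+)", line)
        if m:
            current = m.group(1)
            class_maps[current] = []
            continue
        if current is None:
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the class-map block
            continue
        u = re.match(r'^\s*match protocol http url "([^"]*)"', line)
        if u:
            class_maps[current].append(u.group(1))
    return class_maps


def find_legacy_code_red_classes(config: str) -> Dict[str, List[str]]:
    """Class-maps whose NBAR url matches look like Code Red era filters."""
    hits: Dict[str, List[str]] = {}
    for name, urls in parse_class_maps(config).items():
        stale = [u for u in urls
                 if any(p in u.lower() for p in LEGACY_URL_PATTERNS)]
        if stale:
            hits[name] = stale
    return hits


def find_referencing_policies(config: str, class_name: str) -> List[str]:
    """Policy-maps that reference class_name; edit these before removing it."""
    policies: List[str] = []
    current = None
    for line in config.splitlines():
        m = re.match(r"^policy-map\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        if not line.startswith(" "):
            current = None  # left the policy-map block
            continue
        if current and re.match(rf"^\s*class\s+{re.escape(class_name)}\s*$", line):
            policies.append(current)
    return policies


def report(config: str) -> List[str]:
    """Human-readable lines, one per stale class-map, with its dependents."""
    lines = []
    for name, urls in find_legacy_code_red_classes(config).items():
        deps = find_referencing_policies(config, name) or ["(unreferenced)"]
        lines.append(f"{name}: {', '.join(urls)} -> used by {', '.join(deps)}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_CONFIG):
        print(line)
```

Run it against `show running-config` output saved to a file instead of `SAMPLE_CONFIG` to get the same report for a real device; an empty report means no Code Red era url matches were found under any class-map.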