North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Where are static bogon filters appropriate? was: 96.2.0.0/16 Bogons
On Tue, 6 Mar 2007, Mikael Abrahamsson wrote: Customer gets hacked, one of their boxen starts spewing traffic with spoofed addresses. The way I understand your solution is to automatically shut their port and disrupt all their traffic, and have them call customer support to get any further.
Drop spoofed traffic, and they send non-spoofed packets. Block port 25, and they send slammer on port 1434 Block messenger port 1025, and they send DNS DOS on port 53 Block irc bots port 6667, and they send VOIP spam port 5060 and so on and so on. <http://www.washingtonpost.com/wp-dyn/content/article/2007/03/08/AR2007030802012.html> The fast-spreading virus infected as many as 200 county computers Wednesday, and technicians shut down the entire network for Anne Arundel offices for more than 24 hours. http://msmvps.com/blogs/donna/archive/2006/02/12/83332.aspx One day last year, things started going haywire at Northwest Hospital and Medical Center. Key cards would no longer open the operating-room doors; computers in the intensive-care unit shut down; doctors' pagers wouldn't work. It turns out the Seattle hospital's computers . along with up to 50,000 others across the country . had been turned into an army of robots controlled by 20-year-old Caused by "known" vulnerabilities with patches available, but the customers decided it wasn't "important" enough to take action before they lost everything. Is it really customer service to avoid the issue?
|