Date: Thu, 13 Jul 2006 12:28:58 -0400
From: Mark Bucciarelli <mark@gaiahost.coop>
To: Arie Kachler <akachler@telcom.net>
Cc: freebsd-isp@freebsd.org
Subject: Re: compromised machines and entire network health
Message-ID: <20060713162858.GC3508@rabbit>
In-Reply-To: <44B66D42.6030302@telcom.net>
References: <44B66D42.6030302@telcom.net>
On Thu, Jul 13, 2006 at 11:56:50AM -0400, Arie Kachler wrote:

> Is there a solution to this? I know all computers should be
> kept up to date so this does not happen, but most times
> customers are not as attentive to patches as we sysadmins are.
> Assuming that there will always be machines with security
> issues, is there a way to prevent a compromised computer from
> bringing down an entire network?

We had a similar issue with a box whose network card went temporarily insane (we think). It's a colocated box, so I don't know for sure.

I see two options:

(1) If you have root, you could use traffic shaping to limit outgoing traffic volume. Put all customers in jails and don't give them access to the jail host where pf lives.

(2) Monitor at the switch level and when a box goes crazy, shut down that port.

We are going with option (2) (hence my recent query about smart switches). I'm not sure how/if (1) could work properly. I expect that we could automate (2) if we choose to.

-- 
Mark Bucciarelli
GAIA Host Collective, LLC
email: mark@gaiahost.coop
web: http://www.gaiahost.coop
-----------------------------------
~~~~~~~~~~~~~~~~
"Reliable internet solutions from an environmentally and socially concerned worker collective"
~~~~~~~~~~~~~~~~
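One way to automate option (2) from the message above, the "monitor at the switch level and shut down that port" approach. This is an added example, not code from Mark's post or from GAIA Host. It assumes a managed switch that exposes IF-MIB over SNMP, the net-snmp `snmpwalk`/`snmpset` tools, and hypothetical values for the switch address, community string, polling interval and threshold; the two counter snapshots at the bottom are constructed, not real switch data. The rate computation handles the case a practitioner gets bitten by first: `ifOutOctets` is a 32-bit counter, so a sample that is lower than the previous one is a wrap, not negative traffic.

```shell
#!/bin/sh
# Added example (not from the original post): automate "monitor at the
# switch and shut the port". Samples per-port IF-MIB::ifOutOctets over
# SNMP, computes each port's egress bit rate between two samples, and
# administratively downs any port above a threshold.
# Assumptions: SWITCH and COMMUNITY are hypothetical, net-snmp is
# installed, and the switch implements IF-MIB.

SWITCH="${SWITCH:-10.0.0.2}"            # hypothetical switch address
COMMUNITY="${COMMUNITY:-private}"       # hypothetical write community
INTERVAL="${INTERVAL:-60}"              # seconds between samples
THRESHOLD_BPS="${THRESHOLD_BPS:-50000}" # down a port above this egress rate
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print the snmpset instead of running it

# Live sampler (needs a real switch, so it is not exercised offline).
# Normalizes snmpwalk output to "ifIndex octets" lines, one per port.
# OID 1.3.6.1.2.1.2.2.1.16 is IF-MIB::ifOutOctets.
sample_counters() {
    snmpwalk -v2c -c "$COMMUNITY" -Oqn "$SWITCH" 1.3.6.1.2.1.2.2.1.16 \
        | awk -F'[. ]' '{ print $(NF-1), $NF }'
}

# flag_ports T0 T1 INTERVAL THRESHOLD_BPS
# T0 and T1 are "ifIndex octets" snapshots taken INTERVAL seconds apart.
# Prints the ifIndex of every port whose egress rate exceeds THRESHOLD_BPS.
# ifOutOctets is a Counter32: a sample below the previous one is a wrap.
flag_ports() {
    { printf '%s\n' "$1"; echo '--'; printf '%s\n' "$2"; } |
    awk -v dt="$3" -v th="$4" '
        /^--$/       { second = 1; next }
        !second      { prev[$1] = $2; next }
        ($1 in prev) {
            delta = $2 - prev[$1]
            if (delta < 0) delta += 4294967296   # Counter32 wrapped
            bps = delta * 8 / dt
            if (bps > th) print $1
        }'
}

# Administratively down a port: IF-MIB::ifAdminStatus.<ifIndex> = 2 (down).
shutdown_port() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "would run: snmpset -v2c -c $COMMUNITY $SWITCH IF-MIB::ifAdminStatus.$1 i 2"
    else
        snmpset -v2c -c "$COMMUNITY" "$SWITCH" "IF-MIB::ifAdminStatus.$1" i 2
    fi
}

# Constructed sample snapshots (not real data), 60 s apart:
#   port 1 pushed 600000 bytes -> 80000 bit/s, over the 50000 bit/s threshold
#   port 2 pushed 100000 bytes -> about 13333 bit/s, fine
#   port 3's counter wrapped near 2^32 -> 2296 bytes, about 306 bit/s, fine
SAMPLE_T0='1 1000000
2 5000000
3 4294967000'
SAMPLE_T1='1 1600000
2 5100000
3 2000'

# In production: t0=$(sample_counters); sleep "$INTERVAL"; t1=$(sample_counters)
for port in $(flag_ports "$SAMPLE_T0" "$SAMPLE_T1" "$INTERVAL" "$THRESHOLD_BPS"); do
    shutdown_port "$port"
done
```

Two things to keep in mind before pointing this at a real switch: on gigabit ports a Counter32 can wrap more than once inside a 60 s interval, so poll `ifHCOutOctets` (Counter64) instead where the switch offers it; and downing the port cuts the customer off completely, including from the fix, which is exactly the bluntness that makes option (1), rate-limiting with pf in front of the jails, worth keeping on the table.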