Date:      Thu, 13 Jul 2006 14:11:32 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        akachler@telcom.net
Cc:        freebsd-isp@freebsd.org
Subject:   Re: compromised machines and entire network health
Message-ID:  <44B68CD4.8050701@mac.com>
In-Reply-To: <44B66D42.6030302@telcom.net>
References:  <44B66D42.6030302@telcom.net>

Arie Kachler wrote:
> In the past several years, we have had a few incidents of servers of 
> customers that are compromised and then flood our entire network and 
> bring down almost everything. The SQL Slammer worm for example.
> 
> Is there a solution to this?

Several.  Egress filtering on your routers with logging to identify infected 
machines sooner rather than later is probably the single most useful thing you 
could do.

You could also set up a honeynet or teergrube which will slow down worms and 
reduce their rate of spread.

More complicated solutions involve bandwidth shaping via dummynet or ALTQ, etc.

-- 
-Chuck
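
Added example, not part of the original message or of any FreeBSD tool: one way to use egress-filter deny logs to identify infected machines, by flagging internal hosts whose blocked outbound traffic fans out to many destinations on a single port. The log line shape (modelled on ipfw syslog output), the addresses, the threshold and the function name are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Assumed record shape, modelled on ipfw syslog output:
#   ... kernel: ipfw: <rule> Deny <PROTO> <src>:<sport> <dst>:<dport> out via <if>
DENY_OUT = re.compile(
    r"ipfw: \d+ Deny (?P<proto>\w+) "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) out via \S+"
)

def suspect_hosts(lines, min_distinct_dsts=4):
    """Map each flagged source IP to (proto, dport, distinct_dst_count).

    A host is flagged when its blocked outbound traffic reaches at least
    min_distinct_dsts different destinations on one protocol/port, the
    fan-out a scanning worm produces. The threshold is an assumed value.
    """
    fanout = defaultdict(set)  # (src, proto, dport) -> destinations seen
    for line in lines:
        m = DENY_OUT.search(line)
        if m is None:
            continue  # inbound, permitted, or unrelated syslog line
        fanout[(m["src"], m["proto"], int(m["dport"]))].add(m["dst"])

    suspects = {}
    for (src, proto, dport), dsts in fanout.items():
        if len(dsts) < min_distinct_dsts:
            continue
        # Keep only the widest fan-out per host.
        if src not in suspects or len(dsts) > suspects[src][2]:
            suspects[src] = (proto, dport, len(dsts))
    return suspects

# Constructed sample log (documentation addresses, hypothetical hosts).
SAMPLE_LOG = """\
Jul 13 14:02:11 gw kernel: ipfw: 1200 Deny UDP 10.0.5.23:1047 198.51.100.7:1434 out via em0
Jul 13 14:02:11 gw kernel: ipfw: 1200 Deny UDP 10.0.5.23:1047 198.51.100.91:1434 out via em0
Jul 13 14:02:11 gw kernel: ipfw: 1200 Deny UDP 10.0.5.23:1047 203.0.113.15:1434 out via em0
Jul 13 14:02:12 gw kernel: ipfw: 1300 Deny TCP 10.0.5.40:3312 192.0.2.25:25 out via em0
Jul 13 14:02:12 gw kernel: ipfw: 1200 Deny UDP 10.0.5.23:1047 203.0.113.200:1434 out via em0
Jul 13 14:02:12 gw kernel: ipfw: 1200 Deny UDP 10.0.5.23:1047 192.0.2.66:1434 out via em0
Jul 13 14:02:13 gw kernel: ipfw: 1300 Deny TCP 10.0.5.40:3313 192.0.2.25:25 out via em0
Jul 13 14:02:13 gw kernel: ipfw: 900 Deny TCP 203.0.113.9:4431 10.0.5.40:22 in via em0
""".splitlines()

if __name__ == "__main__":
    for src, (proto, dport, n) in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(f"{src}: {n} distinct destinations blocked on {proto}/{dport}")
```

Counting distinct destinations rather than raw packets keeps a host that retries one blocked connection (10.0.5.40 in the sample) from being flagged alongside one that is scanning.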
