M$SQL cleanup incentives

jlewis at lewis.org jlewis at lewis.org
Sat Feb 22 22:59:43 UTC 2003


On Sat, 22 Feb 2003, Stephen Sprunk wrote:

> As one hoster put it to me, DoS and worm traffic is billable so it's not in
> the hoster's interests to protect customers -- quite the opposite in fact.

Whether or not the traffic is billable is irrelevant if your network is 
effectively down.  One infected host connected to a 2900XL effectively 
kills the switch.  I was fortunate enough to be on vacation and not even 
have net access when the initial slammer wave hit.  But when I was back 
and on-call, we had a single customer get (re-?)infected, killing the 
switch they were on and noticably slowing down the network for the whole 
POP.

> What will you do when a similar worm appears on 53/udp or some other
> heavily-used port?  We lucked out with Sapphire because MS/SQL is generally

Be screwed unless we've completed planned upgrades.  But in this case, I
can filter until we've upgraded our network to hardware that's better able
to deal with such traffic.  Just because filtering might not always work
doesn't mean it shouldn't be done when it does work.

----------------------------------------------------------------------
 Jon Lewis *jlewis at lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________




More information about the NANOG mailing list