Automatic shutdown of infected network connections

Matthew S. Hallacy poptix at techmonkeys.org
Wed Sep 3 12:39:17 UTC 2003


On Tue, Sep 02, 2003 at 09:59:51AM -0500, Jonathan Crockett wrote:
> I work for a cable modem provider.  What we came up with is a modem config
> that allows http, pop, and smtp while cutting the allowed bandwidth to 56k
> upstream and 56k downstream.  This way they can still get the needed updates,
> but are not able to blast our network.  Secondary effect is that customer
> will call in and complain about slow speeds, then our techs can tell them why
> they are slow and inform them how to fix the problem.

Why in the world would you do that? The DOCSIS specification allows for
filtering rules at the CPE, which means you could simply block ICMP echo
and ports 135-139+445 directly at their home network, causing no load
whatsoever on your network, _and_ no more infected boxes (even at 56k).

Besides, have you ever tried updating an XP system at 56k? It could 
literally take days.

-- 
Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
http://www.poptix.net                           GPG public key 0x01938203
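
The filter policy suggested in the message above, modelled as an added example that is not part of the original post and is not DOCSIS configuration syntax. It assumes "icmp echo" means ICMP type 8 (echo request) and that ports 135-139 and 445 are blocked for both TCP and UDP; the class and function names and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ICMP, TCP, UDP = 1, 6, 17          # IP protocol numbers
ICMP_ECHO_REQUEST = 8              # assumption: "icmp echo" = echo request

@dataclass(frozen=True)
class Packet:
    proto: int
    dport: Optional[int] = None     # TCP/UDP destination port
    icmp_type: Optional[int] = None

@dataclass(frozen=True)
class DropRule:
    proto: int
    port_low: Optional[int] = None
    port_high: Optional[int] = None
    icmp_type: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != self.proto:
            return False
        if self.proto == ICMP:
            return pkt.icmp_type == self.icmp_type
        # TCP/UDP: inclusive destination-port range
        return pkt.dport is not None and self.port_low <= pkt.dport <= self.port_high

def build_drop_rules():
    """ICMP echo plus 135-139 and 445, TCP and UDP assumed."""
    rules = [DropRule(ICMP, icmp_type=ICMP_ECHO_REQUEST)]
    for proto in (TCP, UDP):
        rules += [DropRule(proto, 135, 139), DropRule(proto, 445, 445)]
    return rules

def verdict(pkt: Packet, rules) -> str:
    """Default-forward: anything not matched by a drop rule passes at full speed."""
    return "drop" if any(r.matches(pkt) for r in rules) else "forward"

def audit(rules):
    """Run constructed sample packets through the rules to confirm the policy."""
    samples = {
        "http": Packet(TCP, 80), "pop3": Packet(TCP, 110), "smtp": Packet(TCP, 25),
        "tcp135": Packet(TCP, 135), "udp137": Packet(UDP, 137),
        "tcp139": Packet(TCP, 139), "tcp140": Packet(TCP, 140),
        "tcp445": Packet(TCP, 445), "udp445": Packet(UDP, 445),
        "echo_request": Packet(ICMP, icmp_type=8),
        "echo_reply": Packet(ICMP, icmp_type=0),
    }
    return {name: verdict(pkt, rules) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, result in audit(build_drop_rules()).items():
        print(f"{name:13s} {result}")
```

Running an audit like this against the boundary ports (134, 140, 444, 446) before pushing a filter set catches off-by-one range errors that would either leave a blocked port open or cut off an unrelated service.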