Automatic shutdown of infected network connections
Nathan E Norman
nnorman at incanus.net
Wed Sep 3 12:20:28 UTC 2003
On Wed, Sep 03, 2003 at 07:39:17AM -0500, Matthew S. Hallacy wrote:
>
> On Tue, Sep 02, 2003 at 09:59:51AM -0500, Jonathan Crockett wrote:
> > I work for a cable modem provider. What we came up with is a modem config
> > that allows http, pop, and smtp while cutting the allowed bandwidth to 56k
> > upstream and 56k downstream. This way they can still get the needed updates,
> > but are not able to blast our network. Secondary effect is that customer
> > will call in and complain about slow speeds, then our techs can tell them why
> > they are slow and inform them how to fix the problem.
>
> Why in the world would you do that? The DOCSIS specification allows for
> filtering rules at the CPE, which means you could simply block icmp echo
> and ports 135-139+445 directly at their home network, causing no load
> whatsoever on your network, _and_ no more infected boxes (even at 56k).
The modem _is_ the CPE. There's no load on the network; just CPU on
the modem. "modem config" != "CMTS config".
> Besides, have you ever tried updating an XP system at 56k? It could
> literally take days.
You may have a point there.
--
Nathan Norman - Incanus Networking mailto:nnorman at incanus.net
Perilous to all of us are the devices of an art deeper than we
ourselves possess.
-- Gandalf the Grey