Automatic shutdown of infected network connections

Matthew S. Hallacy poptix at techmonkeys.org
Wed Sep 3 15:45:26 UTC 2003


On Wed, Sep 03, 2003 at 07:20:28AM -0500, Nathan E Norman wrote:
> On Wed, Sep 03, 2003 at 07:39:17AM -0500, Matthew S. Hallacy wrote:
> > Why in the world would you do that? The DOCSIS specification allows for
> > filtering rules at the CPE, which means you could simply block ICMP echo
> > and ports 135-139+445 directly at their home network, causing no load
> > whatsoever on your network, _and_ no more infected boxes (even at 56k).
> 
> The modem _is_ the CPE.  There's no load on the network; just CPU on
> the modem.  "modem config" != "CMTS config".

I think that's exactly what I said; perhaps you misread my comment.

My point was that you're rate limiting and filtering customers for no
reason when you have the ability to filter the attack vectors in a very
effective and 'clean' way. You should consider leaving those ports filtered,
seeing how they're the #1 way for Windows systems to be infected/hijacked.

-- 
Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
http://www.poptix.net                           GPG public key 0x01938203


