Dynamic IP log retention = 0?
Brett Charbeneau
brett at wrl.org
Wed Mar 11 14:55:43 UTC 2009
On Wed, 11 Mar 2009, William Allen Simpson wrote:
WAS> While I applaud your taking security seriously, and your active monitoring
WAS> of your resources, other folks might be handling huge numbers of Conficker,
WAS> Mebroot, and Torpig infections these days. So, they might be rather busy.
Excellent point. And with dwindling staff levels outgoing worm traffic
may be super low priority for them.
I know every operation is different - I just wanted to check with the
group before cranking up my level of indignation. =8^)
WAS> Are your library systems all clean?
I believe them to be. I have a Snort-based network intrusion detection
system (using sguil) running with eight taps - and we subscribe to the Snort VRT
rules. That's on top of host-based intrusion (OSSEC) on all of our servers and
critical workstations. And centrally-managed anti-virus (Kaspersky) on all
desktops.
WAS> You don't seem to have your own ARIN allocation for wrl.org, so it's kinda
WAS> hard to tell from here....
WAS>
WAS> AS | IP | AS Name
WAS> 4565 | 66.200.204.71 | MEGAPATH2-US - MegaPath Networks Inc.
Yes - while we handle our own DNS our ISP prefers to mask our ARIN
entry for (their) ease of management. I try to be the anti-salmon with this and
go WITH the flow...
--
********************************************************************
Brett Charbeneau, GSEC Gold, GCIH Gold
Network Administrator
Williamsburg Regional Library
7770 Croaker Road
Williamsburg, VA 23188-7064
(757)259-4044 www.wrl.org
(757)259-4079 (fax) brett at wrl.org
********************************************************************