Re: compromised machines and entire network health
- From: Chuck Swiger <cswiger@xxxxxxx>
- Date: Thu, 13 Jul 2006 14:11:32 -0400
Arie Kachler wrote:
In the past several years, we have had a few incidents of servers of customers that are compromised and then flood our entire network and bring down almost everything. The sql slammer worm for example.
Is there a solution to this?
Several. Egress filtering on your routers with logging to identify infected machines sooner rather than later is probably the single most useful thing you could do.
You could also set up a honeynet or teergrube which will slow down worms and reduce their rate of spread.
More complicated solutions involve bandwidth shaping via dummynet or ALTQ, etc.
--
-Chuck
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"
- References:
- compromised machines and entire network health
- From: Arie Kachler
- compromised machines and entire network health
- Prev by Date: Re: compromised machines and entire network health
- Next by Date: Password file
- Previous by thread: Re: compromised machines and entire network health
- Next by thread: Password file
- Index(es):
