nanog mailing list archives

Re: Homeland Security Alert System
From: David Barak <thegameiam () yahoo com>
Date: Fri, 21 Feb 2003 09:29:32 -0800 (PST)

Okay, I'll bite...

--- Sean Donelan <sean () donelan com> wrote:

On Fri, 21 Feb 2003, Martin Hannigan wrote:

Isn't your NOC normally vigilant?  

Of course.

Perhaps even use different sets of ACL's on the edge, etc. It could also
be used to explain an unexpected surge in traffic, calls, or other things.
Ever look at some traffic stats and see a major surge and want to make
sure you understand why?

Again wouldn't you also do all of these things "normally?"  If an ACL is a
good idea at "Orange" wouldn't you protect your network with those ACL's
when the level is "Yellow."  Or would you remove those ACL's when the
threat level is reduced.  How would you explain to your management when
you are hacked at level "Yellow" you had better ACL's, but you only used
the good ACL's at level "Orange."

Well, an example could be "if threat level is yellow, permit traffic from
$foreign_country_x, but if it goes to orange, deny all from
$foreign_country_x, or perhaps log all from there."

I know that there are certain ISPs which deny all mail traffic from
certain ASes, because of the volume of Spam.  The same principle could be
at work here: if (threat_level++) then deny(unknown_from_Source[nasty])
else permit.

-David Barak
fully RFC 1925 compliant
