Home page logo

nanog logo nanog mailing list archives

Re: M$SQL cleanup incentives
From: jlewis () lewis org
Date: Sat, 22 Feb 2003 17:59:43 -0500 (EST)

On Sat, 22 Feb 2003, Stephen Sprunk wrote:

As one hoster put it to me, DoS and worm traffic is billable so it's not in
the hoster's interests to protect customers -- quite the opposite in fact.

Whether or not the traffic is billable is irrelevant if your network is 
effectively down.  One infected host connected to a 2900XL effectively 
kills the switch.  I was fortunate enough to be on vacation and not even 
have net access when the initial slammer wave hit.  But when I was back 
and on-call, we had a single customer get (re-?)infected, killing the 
switch they were on and noticably slowing down the network for the whole 

What will you do when a similar worm appears on 53/udp or some other
heavily-used port?  We lucked out with Sapphire because MS/SQL is generally

Be screwed unless we've completed planned upgrades.  But in this case, I
can filter until we've upgraded our network to hardware that's better able
to deal with such traffic.  Just because filtering might not always work
doesn't mean it shouldn't be done when it does work.

 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]