codered/nimda blocking
John Chambers
jc at trillian.mit.edu
Tue Nov 6 11:03:45 EST 2001
Peter R. Wood writes:
| There has been a lot of discussion about the code red and nimda viruses,
| but most of the solutions have been aimed at repairing and patching
| infected computers. I have seen less emphasis on protecting networks from
| virus traffic to non-vulnerable machines.
...
| So we contacted our ISP (Genuity) and asked them if they could set this up
| on our routers. They refused, saying that they didn't think the routers
| were the right place to handle this problem, and suggested we set up a
| firewall. (Why would Cisco give their routers this capability, then?)
Sounds to me like they Just Can't Be Bothered.
A couple years back, I worked on a project at Sitara Networks, whose
business is building load-balancing gateways/routers. Many of their
customers were ISPs. At the time, the main worry was dealing with
resource hogs such as streaming audio and video. Their software made
it possible to limit the bandwidth of such traffic without blocking
it entirely. I'd bet that they are now dealing seriously with things
like CodeRed and Nimda packet storms. This does seem like a very
reasonable thing for an ISP to do. And the log files will tell you
who is responsible, so you can talk to them and see whether it's a
problem that needs fixing, or if it's traffic that they would like to
pay for ...
More information about the Discuss
mailing list