No bursting anywhere for anything. Currently I firewall all IPs that touch my honey pot IPs or attempt SSH at my edge. No need to have any of them on my network. I'm implementing a method to bring all servers, routers, switches, etc. back to a central syslog where I run my analysis there. That will then capture the more distributed scans\attacks. Other than a whitelist, violators will be thrown into a BGP blackhole. It'll also fire off an e-mail to the RIR registered abuse contact. If you're doing any sort of trickery or trickeration (intentional via script kiddie\worse or unintentional via malware), I don't want simple scans escalating into something more complex and possibly more damaging. You do the simple stuff, into the blackhole you go. I do understand that the abuse contact on the other side isn't likely to do much, but for the networks that will take action, I'd like to give them the information to do so. Plus if enough people do it, the abuse contacts are going to have to do something.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ----- Original Message ----- From: "Tyson Burris @ Internet Communications Inc via Af" <[email protected]> To: [email protected] Cc: [email protected] Sent: Tuesday, December 2, 2014 8:28:16 AM Subject: [AFMUG] 1. Netflix 2. Hacking Two questions for the group this am. 1. Are you setting burst limits for Netflix or other streaming video services on your network routers? If so, what rate are you limiting it at? 2. With 97% of the US networks now Hackable, what are you doing on your side and advising customers to do? Meaning… what front line defenses are you taking and what software and/or hardware protection are you recommending to your customers? (It would appear that the majority of hacks these days are actually Malware infections inside the network - Employee related errors) Put your 2 cents in. Tyson Burris, President Internet Communications Inc. 739 Commerce Dr. Franklin, IN 46131 317-738-0320 Daytime # 317-412-1540 Cell/Direct # Online: www.surfici.net ICI What can ICI do for you? Broadband Wireless - PtP/PtMP Solutions - WiMax - Mesh Wifi/Hotzones - IP Security - Fiber - Tower - Infrastructure. CONFIDENTIALITY NOTICE: This e-mail is intended for the addressee shown. It contains information that is confidential and protected from disclosure. Any review, dissemination or use of this transmission or its contents by unauthorized organizations or individuals is strictly prohibited.
