On Fri, 26 Sep 2003 [EMAIL PROTECTED] wrote:

> Which brings us to my question. Is there a way to harden a network such
> that infected systems can live on that network without significantly
> affecting the bandwidth swallowed by the other users? What methods are

Recent Cisco routers can policy-route only ICMP traffic of the particular size used by Welchia, and recent Cisco switches can traffic-shape or filter in hardware at the port level.

http://security.uconn.edu/uconn_response.html
http://go.brandeis.edu/rpc

I think most DSL/cable modem ISPs have pushed ICMP and 135-139 filters out to the cable modem/DSL router at the customer location. What this means for universities is that the ISPs simply don't care, so users are free to pick up their pre-compromised computer and take it to our networks which have file sharing open -- except at Stanford, which has killed all Windows networking, see http://securecomputing.stanford.edu/port-filter.html

--
Rich Graves <[EMAIL PROTECTED]>
UNet Systems Administrator

---
Send mail for the `bblisa' mailing list to [EMAIL PROTECTED]'.
Mail administrative requests to [EMAIL PROTECTED]'.
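
The size-based ICMP match mentioned in the message above can be modelled offline; this is an added example, not part of the original post or any vendor configuration. It assumes the publicly reported Welchia echo-request shape (92-byte IPv4 total length, 64-byte payload filled with 0xAA), which the post itself does not state, and it shows that a size-only match also catches an ordinary 64-byte ping.

```python
import struct

SUSPECT_TOTAL_LEN = 92   # assumed: 20-byte IP header + 8-byte ICMP header + 64-byte payload
SUSPECT_FILL = 0xAA      # assumed payload filler byte
ICMP_PROTO, ECHO_REQUEST = 1, 8

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet: 'pass', 'size-only' or 'size+payload'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "pass"                      # too short or not IPv4
    ihl = (pkt[0] & 0x0F) * 4              # header length, honours IP options
    total_len, = struct.unpack("!H", pkt[2:4])
    frag, = struct.unpack("!H", pkt[6:8])
    if ihl < 20 or pkt[9] != ICMP_PROTO or frag & 0x3FFF:
        return "pass"                      # bad header, not ICMP, or a fragment
    if total_len != SUSPECT_TOTAL_LEN or len(pkt) < total_len or len(pkt) < ihl + 8:
        return "pass"                      # wrong size or truncated capture
    if pkt[ihl] != ECHO_REQUEST:
        return "pass"
    payload = pkt[ihl + 8:total_len]
    if payload and all(b == SUSPECT_FILL for b in payload):
        return "size+payload"              # what a payload-aware filter would match
    return "size-only"                     # what a length-only router match also hits

def build_echo(payload: bytes, proto: int = ICMP_PROTO) -> bytes:
    """Constructed sample packet: IPv4 + ICMP echo request, checksums left zero."""
    total = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 128, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return ip + struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, 1, 1) + payload

def tally(packets):
    """Count classifications over an iterable of raw packets."""
    counts = {"pass": 0, "size-only": 0, "size+payload": 0}
    for p in packets:
        counts[classify(p)] += 1
    return counts

# Constructed samples using documentation address ranges
SAMPLES = [
    build_echo(b"\xaa" * 64),                            # worm-shaped probe
    build_echo((b"abcdefghijklmnopqrstuvw" * 3)[:64]),   # ordinary 64-byte ping
    build_echo(b"\xaa" * 32),                            # same fill, different size
    build_echo(b"\xaa" * 64, proto=17),                  # not ICMP
    build_echo(b"\xaa" * 64)[:50],                       # truncated capture
]

if __name__ == "__main__":
    print(tally(SAMPLES))
```
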
