On Sat, 22 Feb 2003, Stephen Sprunk wrote:
As one hoster put it to me, DoS and worm traffic is billable so it's not in the hoster's interests to protect customers -- quite the opposite in fact.
Whether or not the traffic is billable is irrelevant if your network is effectively down. One infected host connected to a 2900XL effectively kills the switch. I was fortunate enough to be on vacation and not even have net access when the initial slammer wave hit. But when I was back and on-call, we had a single customer get (re-?)infected, killing the switch they were on and noticably slowing down the network for the whole POP.
What will you do when a similar worm appears on 53/udp or some other heavily-used port? We lucked out with Sapphire because MS/SQL is generally
Be screwed unless we've completed planned upgrades. But in this case, I can filter until we've upgraded our network to hardware that's better able to deal with such traffic. Just because filtering might not always work doesn't mean it shouldn't be done when it does work. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________