Best moved to cisco-nsp.
-Hank Nussbacher
http://www.interall.co.il
> Apparently somehow this connection is being
> matched via NBAR for good old Code Red.
> Best moved to cisco-nsp.
What!?
Network operator discovers that measures taken to mitigate
an old network security measure, long past their sell-by
date, are now causing random grief. Seems to me like
bang on topic for NANOG. What other such temporary mitigating
measures are still in place long after the danger has passed?
Note that Code Red was both an application vulnerability
and a network DDoS. Even though there are likely still many
hosts running the vulnerable application, the number is not
sufficient to cause another massive DDoS, and measures taken
to protect against this particular peculiar DDoS really
don't have a good technical reason to remain in place.
This is probably also another instance of the well-known
ops problem: We know how to get stuff deployed but we
can't undeploy stuff because we are too busy deploying
other stuff.
--Michael Dillon
Michael.Dillon@btradianz.com writes:
> Network operator discovers that measures taken to mitigate
> an old network security measure, long past their sell-by
> date, are now causing random grief. Seems to me like
> bang on topic for NANOG.
Agreed. Rare that people do haircuts on router configs; they're
tedious and can not be delegated to an intern or someone else who
doesn't have historical context. I just cut a config by half by
removing unused ACLs, and even that is fairly painful.
> What other such temporary mitigating
> measures are still in place long after the danger has passed. (?)
It's been almost nine and a half years and was a short-lived problem,
but I'll betcha that an announcement from AS 7007 will have
reachability problems to a measurable fraction of the Internet. That
would make a kind of cool experiment. Vinny, you listening?
---Rob
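Rob's "haircut" of unused ACLs and the forgotten NBAR match that started the thread are both things a script can surface before anyone opens a config by hand. As an added example that is not from the thread or from any vendor tool, the Python below scans a constructed IOS-style config (not a real router's) for access-lists and class-maps that are defined but never referenced, and lists the NBAR URL matches that are still applied so they can be reviewed for retirement:

```python
import re

# Constructed sample IOS-style config (not from a real router): the kind of
# leftovers the thread describes, a still-applied NBAR class-map written for
# Code Red and an access-list that nothing references any more.
SAMPLE_CONFIG = """\
class-map match-any CODE-RED
 match protocol http url "*.ida*"
 match protocol http url "*cmd.exe*"
policy-map MARK-INBOUND
 class CODE-RED
  drop
ip access-list extended OLD-WORM-BLOCK
 deny ip 203.0.113.0 0.0.0.255 any
 permit ip any any
ip access-list extended MGMT-IN
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
interface GigabitEthernet0/1
 ip access-group MGMT-IN in
 service-policy input MARK-INBOUND
"""

def defined_objects(config: str) -> dict[str, set[str]]:
    """ACL and class-map names the config defines (top-level lines)."""
    acls = set(re.findall(r"^ip access-list (?:standard|extended) (\S+)", config, re.M))
    classes = set(re.findall(r"^class-map (?:match-any |match-all )?(\S+)", config, re.M))
    return {"acl": acls, "class-map": classes}

def referenced_objects(config: str) -> dict[str, set[str]]:
    """Names actually applied on interfaces or used inside policy/class-maps."""
    acls = set(re.findall(r"^[ \t]+ip access-group (\S+)", config, re.M))
    acls |= set(re.findall(r"^[ \t]+match access-group name (\S+)", config, re.M))
    classes = set(re.findall(r"^[ \t]+class (\S+)", config, re.M))
    return {"acl": acls, "class-map": classes}

def unused_objects(config: str) -> dict[str, set[str]]:
    """Defined but never referenced: the haircut candidates."""
    defined, used = defined_objects(config), referenced_objects(config)
    return {kind: defined[kind] - used[kind] for kind in defined}

def nbar_url_matches(config: str) -> dict[str, list[str]]:
    """Per class-map, its 'match protocol http url' lines, so worm-specific
    NBAR signatures that are still applied get a second look."""
    current, out = None, {}
    for line in config.splitlines():
        if line.startswith("class-map "):
            current = line.split()[-1]
        elif current and line.strip().startswith("match protocol http url"):
            out.setdefault(current, []).append(line.strip())
    return out
```

On the sample, `unused_objects` reports OLD-WORM-BLOCK as removable, while CODE-RED is still wired into the applied policy-map and therefore shows up only in `nbar_url_matches`, which is exactly the case the thread started with.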
Yeah. Don't want any operational stuff here. Need to get back to who's got a free 300-baud dialup in Antwerp.