From owner-freebsd-isp@FreeBSD.ORG Thu Jul 13 15:57:04 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6653B16A4DA for ; Thu, 13 Jul 2006 15:57:04 +0000 (UTC) (envelope-from akachler@telcom.net) Received: from mail.telcom.net (mail.telcom.net [200.62.2.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id E124743D46 for ; Thu, 13 Jul 2006 15:57:03 +0000 (GMT) (envelope-from akachler@telcom.net) Received: from [127.0.0.1] (216-22-121-208.idstelcom.net [216.22.121.208] (may be forged)) by mail.telcom.net (8.13.6/8.13.6) with ESMTP id k6DFxoTO011917 for ; Thu, 13 Jul 2006 11:59:52 -0400 Message-ID: <44B66D42.6030302@telcom.net> Date: Thu, 13 Jul 2006 11:56:50 -0400 From: Arie Kachler Organization: Telcom.Net User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: compromised machines and entire network health X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: akachler@telcom.net List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Jul 2006 15:57:04 -0000 Hello, In the past several years, we have had a few incidents of servers of customers that are compromised and then flood our entire network and bring down almost everything. The sql slammer worm for example. Is there a solution to this? I know all computers should be kept up to date so this does not happen, but most times customers are not as attentive to patches as we sysadmins are. Assuming that there will always be machines with security issues, is there a way to prevent a compromised computer to bring down an entire network? Any suggestions will be greatly appreciated. Arie Kachler