Date: Thu, 13 Jul 2006 12:33:17 -0400 (EDT)
From: "Gary D. Margiotta" <gary@tbe.net>
To: Mark Bucciarelli <mark@gaiahost.coop>
Cc: freebsd-isp@freebsd.org, Arie Kachler <akachler@telcom.net>
Subject: Re: compromised machines and entire network health
Message-ID: <20060713122922.L63493@kerplunk.tbe.net>
In-Reply-To: <20060713162858.GC3508@rabbit>
References: <44B66D42.6030302@telcom.net> <20060713162858.GC3508@rabbit>
> I see two options:
>
> (1) If you have root, you could use traffic shaping to limit
> outgoing traffic volume. Put all customers in jails and
> don't give them access to the jail host where pf lives.
>
> (2) Monitor at the switch level and when a box goes crazy, shut
> down that port.
>
> We are going with option (2) (hence my recent query about smart
> switches). I'm not sure how/if (1) could work properly.
>
> I expect that we could automate (2) if we choose to.

Problem with #1 is if the machines are not FreeBSD... if a machine is getting wormed, it's most likely a Windoze box. You'd have to take a network-level approach in that case, which is where smart switches come into play.

Anything that has a host O/S on it (accessible via telnet or even web interface) should be able to do what you need to traffic shape, or shut down singular ports if you need. We have Intel series switches which do this, as well as Cisco and other major-vendor switches. You'll pay more for them, but with that cost comes platform-agnostic tools to help manage the network and its problems, abstracting the O/S from the picture.

-Gary
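The "monitor at the switch level and shut the port when a box goes crazy" approach that Mark and Gary discuss is easy to automate badly: a single legitimate burst (a backup, a large download) should not take a customer offline. The following is an added example, not code from the thread or from any switch vendor, of the decision logic for such an automation. It assumes the switch exposes per-port egress octet counters (a 32-bit ifOutOctets-style counter is assumed, so wraparound is handled), polls them on a fixed interval, and treats a port as "gone crazy" only after a sustained run of intervals over a rate threshold. Port names, the threshold, the sample counters and the `uplink` protected port are all constructed for the example; issuing the actual port-disable command is left to whatever management interface (telnet, web, SNMP) the switch in question offers.

```python
"""Decision logic for 'shut the port when a box goes crazy' (added example).

Feeds per-port egress octet counters through a watcher that converts them to
bits/s, requires N consecutive over-threshold intervals before acting, and
never acts on protected (infrastructure) ports. All counters below are
constructed sample data, not real switch readings.
"""
from typing import Dict, List, Optional, Set

COUNTER_WRAP = 2 ** 32  # assumption: 32-bit octet counters that wrap to zero


def egress_rate_bps(prev_octets: int, cur_octets: int, interval_s: float) -> float:
    """Bits per second between two octet counter readings, handling one wrap."""
    delta = cur_octets - prev_octets
    if delta < 0:  # counter wrapped between polls
        delta += COUNTER_WRAP
    return delta * 8 / interval_s


class PortState:
    def __init__(self) -> None:
        self.last_octets: Optional[int] = None  # last raw counter value seen
        self.strikes = 0                        # consecutive intervals over threshold
        self.disabled = False                   # we already decided to shut it


class PortWatcher:
    def __init__(self, threshold_bps: float, strikes_to_disable: int,
                 interval_s: float, protected: Set[str] = frozenset()) -> None:
        self.threshold_bps = threshold_bps
        self.strikes_to_disable = strikes_to_disable
        self.interval_s = interval_s
        self.protected = set(protected)  # uplinks, servers we must never cut
        self.ports: Dict[str, PortState] = {}

    def observe(self, sample: Dict[str, int]) -> List[str]:
        """Feed one poll of {port: egress octet counter}.

        Returns the ports that crossed the sustained-rate bar on this poll and
        should be administratively disabled now.
        """
        to_disable: List[str] = []
        for port, octets in sample.items():
            st = self.ports.setdefault(port, PortState())
            if st.last_octets is None:       # first reading: no rate yet
                st.last_octets = octets
                continue
            rate = egress_rate_bps(st.last_octets, octets, self.interval_s)
            st.last_octets = octets
            if st.disabled or port in self.protected:
                continue
            # Hysteresis: one hot interval resets nothing permanent; a quiet
            # interval clears the strike count so bursts do not accumulate.
            st.strikes = st.strikes + 1 if rate > self.threshold_bps else 0
            if st.strikes >= self.strikes_to_disable:
                st.disabled = True
                to_disable.append(port)
        return to_disable


def run_demo() -> List[List[str]]:
    """Four constructed 60-second polls; returns the disable decision per poll."""
    watcher = PortWatcher(threshold_bps=10_000_000,   # 10 Mbit/s sustained egress
                          strikes_to_disable=2,
                          interval_s=60,
                          protected={"uplink"})
    polls = [
        # p3 sits just below the 32-bit wrap point on purpose.
        {"p1": 1_000_000, "p2": 2_000_000,   "p3": 4_294_000_000, "uplink": 50_000_000},
        # p2: +90 MB (12 Mbit/s), p3: +80 MB across the wrap (10.7 Mbit/s)
        {"p1": 1_500_000, "p2": 92_000_000,  "p3": 79_032_704,    "uplink": 550_000_000},
        # p2 stays hot -> second strike -> disable; p3 goes quiet -> strikes reset
        {"p1": 2_000_000, "p2": 187_000_000, "p3": 80_032_704,    "uplink": 1_100_000_000},
        # p2 already disabled; p3 bursts again but that is only strike one
        {"p1": 2_500_000, "p2": 187_000_000, "p3": 170_032_704,   "uplink": 1_650_000_000},
    ]
    return [watcher.observe(p) for p in polls]


if __name__ == "__main__":
    for i, decision in enumerate(run_demo()):
        print(f"poll {i}: disable {decision or 'nothing'}")
```

The two knobs worth tuning per site are the threshold (set it from the customer's normal egress, not the link speed) and the strike count; the protected set is what keeps an automated cutoff from taking down an uplink or shared server when those ports legitimately carry the aggregate traffic of everyone behind them.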
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060713122922.L63493>