BLU Discuss list archive



codered/nimda blocking



> So we contacted our ISP (Genuity) and asked them if they could set this up
> on our routers. They refused, saying that they didn't think the routers
> were the right place to handle this problem, and suggested we set up a
> firewall. (Why would Cisco give their routers this capability, then?)

Interesting...  A firewall is nothing more than a router that filters
traffic.  Granted, they usually have a good bit of software dedicated
to the task which the average router doesn't, but what's the difference?

Now, if you don't actually have a firewall, it's a REALLY REALLY good
idea.  If you want a firewall that does this, the Cisco PIX can do it.
I haven't tried it, and I'm not that familiar with Cisco products,
unfortunately.  But it's probably done the same way it would be done
on your routers.  It could be done, in theory, using iptables on
Linux, but only if you wanted to write your own filtering program to
do the actual filtering.

I'm inclined to think that the folks at Genuity are just being stupid
and/or lazy.


-- 
Derek Martin               ddm at pizzashack.org    
---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org



