codered/nimda blocking

Derek D. Martin ddm at pizzashack.org
Tue Nov 6 11:44:46 EST 2001


> So we contacted our ISP (Genuity) and asked them if they could set this up
> on our routers. They refused, saying that they didn't think the routers
> were the right place to handle this problem, and suggested we set up a
> firewall. (Why would Cisco give their routers this capability, then?)

Interesting...  A firewall is nothing more than a router that filters
traffic.  Granted, they usually have a good bit of software dedicated
to the task which the average router doesn't, but what's the difference?

Now, if you don't actually have a firewall, it's a REALLY REALLY good
idea.  If you want a firewall that does this, the Cisco PIX can do it.
I haven't tried it, and I'm not that familiar with Cisco products,
unfortunately.  But it's probably done the same way it would be done
on your routers.  It could be done, in theory, using iptables on
Linux, but only if you wanted to write your own filtering program to
do the actual filtering.

I'm inclined to think that the folks at Genuity are just being stupid
and/or lazy.


-- 
Derek Martin               ddm at pizzashack.org    
---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org