Ryan Ghering wrote:
> As a side note, my upstream called this morning, asked if they could remove
> the access-list, stating it's policy to only leave ACLs in place for 12 to
> 24 hours.
> I asked them if this was Conficker what can be done to permanently block it.

Do they have an IPS in place? If they aren't blocking the Windows ports (which I understand the rationale for/against), then I would hope they have an IPS in place. If so, signatures are readily available to detect Conficker.

> They tell me this is my issue not theirs.

Heh. Typical.

> So I have to take a chance in 12
> hours when they remove the ACL that my network will be screwed again. A log
> export shows in just a 10-minute period over 18,000 addresses denied on 445
> tcp.

Yep. Sounds about right. They really should implement filtering. Can they do an ACL just on your VLAN? I understand them not wanting to filter at the border. However, they should be willing to filter on your VLAN. Is this one of the major telcos?