[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NOC Automation / Best Practices

Subject: NOC Automation / Best Practices
From: owen at delong.com (Owen DeLong)
Date: Wed, 8 Sep 2010 13:45:13 -0700
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

On Sep 8, 2010, at 9:59 AM, Martin Hotze wrote:

>> -----Original Message-----
>> Date: Wed, 08 Sep 2010 08:54:20 -0700
>> From: Charles N Wyble <charles at knownelement.com>
>> Subject: NOC Automation / Best Practices
>> To: nanog at nanog.org
>> 
>>  NOGGERS,
>> 
>> (...)
>> The way I see it, an ounce of prevention is worth a pound of cure.
>> Along
>> those lines, I'm putting in some mitigation techniques are as follows
>> (hopefully this will reduce the number of incidents and therefore calls
>> to the abuse desk). I would appreciate any feedback folks can give me.
>> 
>> A) Force any outbound mail through my SMTP server with AV/spam
>> filtering.
>> B) Force HTTP traffic through a SQUID proxy with SNORT/ClamAV running
>> (several other WISPs are doing this with fairly substantial bandwidth
>> savings. However I realize that many sites aren't cache friendly.
>> Anyone
>> know of a good way to check for that? Look at HTTP headers?).  Do the
>> bandwidth savings/security checking outweigh the increased support
>> calls
>> due to "broken" web sites?
>> C) Force DNS to go through my server. I hope to reduce DNS hijacking
>> attacks this way.
>> 
>> Thanks!
> 
> For either A, B or C you won't get my business, let alone a combination of all 3. *wah!* There is too much FORCE here. :-)
> 
> #m
> 

+1

Owen

References:
- NOC Automation / Best Practices
  - From: M.Hotze at hotze.com (Martin Hotze)

Prev by Date: ISP port blocking practice
Next by Date: NANOG Digest, Vol 32, Issue 25
Previous by thread: NOC Automation / Best Practices
Next by thread: Speakeasy Contact
Index(es):
- Date
- Thread