from the dark-security dept.
"Blaster and its effects have got me thinking ... Is it possible to have a node on the network act as a blackhole (i.e., to capture and never let go of X,Y packets)? How do you protect the inside of the network as transparently as possible? For example, at my university they were prepared for Blaster, and blocked ports 135, 139 and 1444 but forgot about roaming teachers. This let the worm spread like oil on water inside the network. Capturing all traffic on those ports and not routing it would have helped mitigate much of the spreading. This should be possible to do, but the question really is: has anyone implemented a node whose sole purpose on the network is to be a blackhole, not a firewall? Maybe I am misled, in that this is just a firewall."
In some ways this is just a firewall, but by black holing it you can do other things to the traffic (such as fingerprinting it by payload inspection). Anyone using some of the niftier PF features (like policy routing and "dup-to") to do such things?