<div dir="ltr">Hi Andrew (and thanks Joshua),<div><br></div><div>I presume you are a service provider of some sort, but even SP's, it can depend on what kind of SP.</div><div><br></div><div>This might sound simplistic... but I believe straight out tail providers should avoid worrying too much about what I call 'micro-security'.... that is, ports, scanning, etc... your job is to not mess with traffic and allow it to flow through your network as un-molested as possible. Performance is the number one thing you need to concentrate, and your network should be about passing packets as fast as you can. So, 'macro-security', things that impact your performance, DDoS, etc, that is something you need to consider - or just live with it when you are hit.</div>
<div><br></div><div>I don't like seeing servers or tails abdicating their responsibility for host security being passed to the upstream network.... I believe it is lazy security and if your perimeter fails, all inside points are screwed. That and you will need far bigger boxen to process that sort of thing.</div>
<div><br></div><div>Unless of course you are an SP offering security or protection as a service... then you need to look everything in a very different way. You need to figure out WHY and WHAT you are doing, and then put in place processes for it.</div>
<div><br></div><div>NTP is just the flavour of the past month... there are squillions of other scans and attacks which hit all day every day and you need to be prepared for all of them at the host level.</div><div><br></div>
<div>If your network is an enterprise style, then you should have good perimeter security and also be considering firewalls, IPS, etc... and actually proactively look at it... the set and forget mentality just pisses me off.</div>
<div><br></div><div>I recently had a customer that spent over 100k on perimeter security - and nice kit too... but when I asked to see the procedures for what happens when something is detected, etc etc... they didn't have anything, nor was it anyones job to be watching it. It is the difference between installing bars on a house, and having a security guard wandering past every few hours.</div>
<div><br></div><div>Let me know if you want to talk to someone... I have a couch for you to lie on :)</div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><div><br>...Skeeve</div><div><br></div><div><div>
<b style="font-size:13px;font-family:Calibri">Skeeve Stevens - </b><span style="font-size:13px;font-family:Calibri">eintellego Networks Pty Ltd</span></div><div><div><span style="font-family:Calibri;font-size:13px"><a href="mailto:skeeve@eintellegonetworks.com" target="_blank">skeeve@eintellegonetworks.com</a> ; <a href="http://www.eintellegonetworks.com/" target="_blank">www.eintellegonetworks.com</a></span><font><p style="font-family:Calibri;font-size:13px;margin:0px">
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; <a>skype://skeeve</a></p><p style="font-family:Calibri;font-size:13px;margin:0px"><a href="http://facebook.com/eintellegonetworks" target="_blank">facebook.com/eintellegonetworks</a> ; <a href="http://twitter.com/networkceoau" target="_blank"></a><a href="http://linkedin.com/in/skeeve" target="_blank">linkedin.com/in/skeeve</a> </p>
<p style="font-family:Calibri;font-size:13px;margin:0px"><a href="http://twitter.com/theispguy" target="_blank">twitter.com/theispguy</a><span style="color:rgb(0,0,0)"> ; blog: </span><a href="http://www.theispguy.com/" target="_blank">www.theispguy.com</a><br>
</p><p style="font-family:Calibri;font-size:13px;margin:0px"><img src="http://eintellegonetworks.com/logos/ein09.png"><br></p><p style="margin:0px"><span style="color:rgb(127,0,127);font-family:Calibri,sans-serif;font-size:13px">The Experts Who The Experts Call</span></p>
</font></div><div style="font-family:Calibri,sans-serif;font-size:14px;color:rgb(127,0,127)"><span style="color:rgb(0,32,96);font-size:13px">Juniper - Cisco </span><span style="color:rgb(0,32,96);font-size:13px">- Cloud</span><span style="color:rgb(0,32,96);font-size:13px"> </span><span style="color:rgb(0,32,96);font-size:13px">- Consulting</span><span style="color:rgb(0,32,96);font-size:13px"> </span><span style="color:rgb(0,32,96);font-size:13px">- IPv4 Brokering</span></div>
</div></div></div></div>
<br><br><div class="gmail_quote">On Tue, Apr 15, 2014 at 2:32 PM, Joshua D'Alton <span dir="ltr"><<a href="mailto:joshua@railgun.com.au" target="_blank">joshua@railgun.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Pretty sure BGP communities won't help with this, you could email skeeve this is probably the sort of thing they do.</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 15, 2014 at 2:09 PM, Andrew Tschudi <span dir="ltr"><<a href="mailto:andrewtschudi@gmail.com" target="_blank">andrewtschudi@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>We have been receiving unwanted inbound NTP traffic towards multiple different servers within our network. This has been creating days of pain and after liaising with our upstream provider it turns out that they have no BGP communities. Had they had BGP Communities, this would then allow me to block the traffic from reaching my routers, which are continuously being flooded. I figure, it’s now time for me to attempt to source some external help.<br>
</div><div> </div><div>Can anyone on provide any recommendations for sourcing professional services that would be trusted in advising the best way to protect and secure our network?</div><span><font color="#888888"><div>
<br></div><div>Andrew</div></font></span></div>
<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>