North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: filtering whitehouse.gov?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Moreover, bbn (whitehouse.gov's upstream) is blackholing it themselves, why would you NOT blackhole it and waste your bw when it's gonna get blackholed along the way anyway? Matt - -- Matt Levine @Home: [email protected] @Work: [email protected] ICQ : 17080004 PGP : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF - -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of John Starta Sent: Saturday, July 21, 2001 10:10 PM To: [email protected] Cc: Andreas Plesner Jacobsen - Tiscali; [email protected] Subject: Re: filtering whitehouse.gov? At 04:29 PM 7/21/01 -0700, Jon O . wrote: >On 22-Jul-2001, Andreas Plesner Jacobsen - Tiscali wrote: > > > No, since it is known that the provider hosting www1 and > > www2.whitehouse.gov has already blackholed www1, and > > www.whitehouse.gov only resolves to www2 now. And then there's > > the big difference between operational stability and poltical > > stability, of which operational is the primary concern to me at > > least. > >Yes, because your fix is for this worm and luckily it only attacks >www1. The next one might not be so benign and blackholing routes is >not the answer. Also, it makes it harder to ID infected hosts so >you can fix them. Blackholing routes doesn't prevent you from identifying possibility infected hosts. It simply means that you're not going to participate in the abuse of anothers network and/or host. You can still log the traffic destine for the target. jas -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO1pVWcp0j1NsDQTPEQKQoACgzipHzlRlxWBkI+hbTcwaNbLeyUAAoNd0 UWLxY5wLzirdYfYQqzBj+Jzj =KEGb -----END PGP SIGNATURE-----
|