North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: RBL-type BGP service for known rogue networks?

  • From: Karyn Ulriksen
  • Date: Thu Jul 06 21:02:44 2000

Do you think that the car thief scenario comes into play here?  Maybe an
alarm system wont *really* keep a determined thief from stealing a car, but
isn't he more likely to move onto something easier?

And, yes, I do understand the mentality of the "bigger challenge".  But,
I've been able to identify the true source of a forged packet and filter it
knowing that they could switch to attacking from another IP.  However, I
think only once or twice out of thirty or so incidents over the past few
years have they come back in anytime soon from anywhere else.

Karyn

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, July 06, 2000 2:35 PM
To: Dan Hollis
Cc: [email protected]
Subject: Re: RBL-type BGP service for known rogue networks?



On Thu, 6 Jul 2000, Dan Hollis wrote:

> 1) Someone sets up server X on company Y network and starts rooting sites.
> 2) company Y, once notified, refuses to shut down server X, even when its
>    been CONFIRMED server X is indeed rooting sites.
> 3) company Y has a HISTORY of such attacks and refuses to take any action.
> 
> tin.it obviously fits all 3 criteria and thus would be blackholed. it
> might not get them to change their behaviour, but at least people who
> subscribe to the blackhole list wouldnt be rooted by tin.it customers

Except that any good script kid has root on numerous boxes.  Just blocking
a well known site full of rooted boxes probably won't do much good since
they crack and scan from random boxes all over the world as they root
them.

----------------------------------------------------------------------
 Jon Lewis *[email protected]*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________