North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: RBL-type BGP service for known rogue networks?
Do you think that the car thief scenario comes into play here? Maybe an alarm system wont *really* keep a determined thief from stealing a car, but isn't he more likely to move onto something easier? And, yes, I do understand the mentality of the "bigger challenge". But, I've been able to identify the true source of a forged packet and filter it knowing that they could switch to attacking from another IP. However, I think only once or twice out of thirty or so incidents over the past few years have they come back in anytime soon from anywhere else. Karyn -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Thursday, July 06, 2000 2:35 PM To: Dan Hollis Cc: [email protected] Subject: Re: RBL-type BGP service for known rogue networks? On Thu, 6 Jul 2000, Dan Hollis wrote: > 1) Someone sets up server X on company Y network and starts rooting sites. > 2) company Y, once notified, refuses to shut down server X, even when its > been CONFIRMED server X is indeed rooting sites. > 3) company Y has a HISTORY of such attacks and refuses to take any action. > > tin.it obviously fits all 3 criteria and thus would be blackholed. it > might not get them to change their behaviour, but at least people who > subscribe to the blackhole list wouldnt be rooted by tin.it customers Except that any good script kid has root on numerous boxes. Just blocking a well known site full of rooted boxes probably won't do much good since they crack and scan from random boxes all over the world as they root them. ---------------------------------------------------------------------- Jon Lewis *[email protected]*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
|