North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Arbor Networks DoS defense product

  • From: PJ
  • Date: Wed May 15 20:25:03 2002

On Wed, 15 May 2002, Dan Hollis wrote:

> 
> On Wed, 15 May 2002, Rob Thomas wrote:
> > ] I don't think spoofing will be a problem for the landmines. Most attacks
> > ] (99%?) are tcp.
> > Hmm...  Not based on my research.  The most common attack capabilities in
> > the bots are ICMP and UDP flooders.  After that, IGMP.  Last, TCP.  Most
> > of the DoS tools contain the same attack types as the bots.
> > On the receiving end, upwards of 80% of all the woe I track is not TCP.
> 
> You miss the point of this:
> 
> We are not landmining for DOSing.
> 
> We are landmining to make it very dangerous for attackers to scan networks 
> and probe hosts.
> 
> -Dan
> -- 
> [-] Omae no subete no kichi wa ore no mono da. [-]
> 
> 

Are you now operating under the premise that scans != anything but the
prelude to an attack?  Sorry if I missed it earlier in the thread, but
I would hate to think any legitimate scanning of a network or host
would result in a false positive.  Even more, I would hate to see the
advocation of a hostile reaction to what, so far, is not considered a
crime.

PJ

-- 
He thought of Musashi, the Sword Saint, standing in his garden more than three hundred years ago. "What is the 'Body of a rock'?" he was asked.
In answer, Musashi summoned a pupil of his and bid him kill himself by slashing his abdomen with a knife.  Just as the pupil was about to comply, the Master stayed his hand, saying, "That is the 'Body of a rock'."
                -- Eric Van Lustbader