North American Network Operators Group


Re: Arbor Networks DoS defense product

  • From: PJ
  • Date: Wed May 15 21:27:41 2002

On Wed, 15 May 2002, Clayton Fiske wrote:

> On Wed, May 15, 2002 at 06:04:40PM -0700, PJ wrote:
> > Sorry for not including nanog in the reply.  What about MAPS?  They
> > routinely scan netblocks without consent.  Does this tool
> > differentiate between local and non-local scanning?  Scanning is
> 
> The tool in question may not even exist yet. There is no preset
> definition of how it has to work. Perhaps it can be evolved enough
> to where it only triggers when an exploit is attempted, rather
> than just on a TCP connection.

Granted.  However, if it's not yet in existence, these are good
questions to be asked now instead of later, no?  I would feel much
better about it if it was triggered by an exploit, instead of a
connection.

> > still not a crime and it will still do nothing to deter anyone with
> > hostile intentions.  This is just a bandaid to avoid taking proper
> > security precautions.
> 
> I can take all the proper security precautions and it doesn't stop
> third party network A from being exploited and later used to attack
> me. The point of this is that it will help identify a specific host
> which is scanning many blocks belonging to many different networks.
> If they hit several landmines in my network, I might be concerned.
> If they hit landmines in my network and 6 others to which I have no
> affiliation, the net as a whole might want to know about it.

Granted.  However, the suggestion to place said host/network into some
sort of BGP black hole has its problems.  The community as a whole
already has an idea of which networks have a greater percentage of
attacks originating from them; an alert is fine, a pre-emptive strike in
the absence of an actual attack is not.

> I don't think anyone said this was intended to take the place of
> security on their own networks. But I don't see how that aspect
> makes this a bad tool on its own either way.

Yes, that was perhaps an implication made on my part.  However, there
are still concerns with the idea that have yet to be addressed.

PJ

-- 
Art is a lie which makes us realize the truth.
                -- Picasso