North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Arbor Networks DoS defense product

  • From: Dan Hollis
  • Date: Thu May 16 17:47:54 2002

On Thu, 16 May 2002, Dragos Ruiu wrote:
> Some people are get all hyper and complain.  Which is silly imho.
> If you don't like it, stop your network from responding to it.

Thats exactly what we plan to do with BGP blackholes and landmines.

> Don't bitch and whine if your equipment is silly and leaks info. It's 
> not the world's problem to compensate for _your_ inferior network 
> architecture or shoddily designed network hardware.

Then you shouldnt be whining about a BGP blackhole system.

> Portscanning by no means proves "intent". Or should provoke hostile reaction.

Blackholing isnt hostile its defensive.

> But then again I'm of the radical opinion that if your host is compromised
> it is your fault for not taking appropriate precautions on inbound filters or 
> gateways.

The blackholing is the response to networks which cant be bothered to 
clean up their compromised hosts. Youre ranting against the wrong target 
im afraid. Please go back and read the thread from the beginning.

> I can't help it if your host does funny things when I send them funny 
> packets.... :-)

Why are you sending funny packets?

-Dan
-- 
[-] Omae no subete no kichi wa ore no mono da. [-]