[29742] in North American Network Operators' Group
Re: RBL-type BGP service for known rogue networks?
daemon@ATHENA.MIT.EDU (Dan Hollis)
Thu Jul 6 17:22:39 2000
Date: Thu, 6 Jul 2000 13:39:32 -0700 (PDT)
From: Dan Hollis <goemon@sasami.anime.net>
To: Valdis.Kletnieks@vt.edu
Cc: Karyn Ulriksen <kulriksen@publichost.com>,
"'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <200007061939.e66Jd2S26426@black-ice.cc.vt.edu>
Message-ID: <Pine.LNX.4.21.0007061338490.398-100000@anime.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 6 Jul 2000 Valdis.Kletnieks@vt.edu wrote:
> The biggest problem is that it's a lot easier to verify that a given site
> is a spamhaus. Remember that source IP addresses (which is all that your
> border router sees) are forgeable - making for a nice DOS attack. Forge
> packets from a competitor's site, get them labelled as a skriptz kiddie site,
> and BGP-blackholed.
There are ways of confirming, and they wouldnt be blackholed unless it was
confirmed. I know the issues with forged source IPs and the blackhole list
would take that into account.
-Dan
