[29743] in North American Network Operators' Group
Re: RBL-type BGP service for known rogue networks?
daemon@ATHENA.MIT.EDU (Dan Hollis)
Thu Jul 6 17:31:33 2000
Date: Thu, 6 Jul 2000 13:46:00 -0700 (PDT)
From: Dan Hollis <goemon@sasami.anime.net>
To: "Richard A. Steenbergen" <ras@e-gerbil.net>
Cc: Valdis.Kletnieks@vt.edu,
Karyn Ulriksen <kulriksen@publichost.com>, nanog@merit.edu
In-Reply-To: <Pine.BSF.4.21.0007061601270.21550-100000@overlord.e-gerbil.net>
Message-ID: <Pine.LNX.4.21.0007061344170.398-100000@anime.net>

On Thu, 6 Jul 2000, Richard A. Steenbergen wrote:
> DoS attacks with possible spoofed source addresses would obviously not be
> a good criteria to blackhole by... Unauthorized mass vulnerability scans on
> the other hand, COULD be.

The criteria for the blackhole list:

1) Someone sets up server X on company Y network and starts rooting sites.
2) company Y, once notified, refuses to shut down server X, even when it's
been CONFIRMED server X is indeed rooting sites.
3) company Y has a HISTORY of such attacks and refuses to take any action.

tin.it obviously fits all 3 criteria and thus would be blackholed. it
might not get them to change their behaviour, but at least people who
subscribe to the blackhole list wouldn't be rooted by tin.it customers.

-Dan