[29762] in North American Network Operators' Group


RE: RBL-type BGP service for known rogue networks?

daemon@ATHENA.MIT.EDU (Karyn Ulriksen)
Thu Jul 6 21:01:55 2000

Message-ID: <0127E258EE29D3118A0F00609765B44831788A@subnet-gw-00053.sitestream.net>
From: Karyn Ulriksen <kulriksen@publichost.com>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Thu, 6 Jul 2000 16:23:54 -0700 


Do you think that the car thief scenario comes into play here?  Maybe an
alarm system won't *really* keep a determined thief from stealing a car, but
isn't he more likely to move on to something easier?

And, yes, I do understand the mentality of the "bigger challenge".  But,
I've been able to identify the true source of a forged packet and filter it
knowing that they could switch to attacking from another IP.  However, I
think only once or twice out of thirty or so incidents over the past few
years have they come back in anytime soon from anywhere else.

Karyn

-----Original Message-----
From: jlewis@lewis.org [mailto:jlewis@lewis.org]
Sent: Thursday, July 06, 2000 2:35 PM
To: Dan Hollis
Cc: nanog@merit.edu
Subject: Re: RBL-type BGP service for known rogue networks?



On Thu, 6 Jul 2000, Dan Hollis wrote:

> 1) Someone sets up server X on company Y network and starts rooting sites.
> 2) company Y, once notified, refuses to shut down server X, even when it's
>    been CONFIRMED server X is indeed rooting sites.
> 3) company Y has a HISTORY of such attacks and refuses to take any action.
> 
> tin.it obviously fits all 3 criteria and thus would be blackholed. It
> might not get them to change their behaviour, but at least people who
> subscribe to the blackhole list wouldn't be rooted by tin.it customers

Except that any good script kid has root on numerous boxes.  Just blocking
a well known site full of rooted boxes probably won't do much good since
they crack and scan from random boxes all over the world as they root
them.

----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________




