[29843] in North American Network Operators' Group
RE: RBL-type BGP service for known rogue networks?
daemon@ATHENA.MIT.EDU (rdobbins@netmore.net)
Fri Jul 7 19:38:21 2000
Message-ID: <7BDBFDCDD02AD311AB2700104BC4F3F7B662FB@atshost001>
From: rdobbins@netmore.net
To: jtk@aharp.is-net.depaul.edu, nanog@merit.edu
Date: Fri, 7 Jul 2000 16:19:27 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu

But that's why we have human beings in the NOCs, no?

As I'm mucking about with the Cisco Netranger/IDS on one of my networks,
I've been able to winnow down the false-positives substantially, and am
still working on improving its reliability further.

I certainly don't think that intrusion-detection makes sense for the
backbones and NAPs and so forth, but when you get closer to the
traffic-originator/requestor boundaries of the network, it becomes more
feasible, does it not?

-----Original Message-----
From: John Kristoff [mailto:jtk@depaul.edu]
Sent: Friday, July 07, 2000 1:59 PM
To: nanog@merit.edu
Subject: Re: RBL-type BGP service for known rogue networks?

rdobbins@netmore.net wrote:
> Isn't that why some sort of intrusion/exploit-detection system integrated
> with ACLs would perhaps be a better remedy?

Dealing with false positives and "intentional" black holing would be a
difficult thing to get right. It sounds like the MAPS approach someone
mentioned earlier would be workable.

John