[39746] in North American Network Operators' Group


Re: filtering whitehouse.gov?

daemon@ATHENA.MIT.EDU (Jon O .)
Sat Jul 21 19:30:35 2001

Date: Sat, 21 Jul 2001 16:29:51 -0700
From: "Jon O ." <jono@microshaft.org>
To: Andreas Plesner Jacobsen - Tiscali <apjacobsen@dk.tiscali.com>
Cc: nanog@nanog.org
Message-ID: <20010721162951.D86996@networkcommand.com>
Reply-To: "jono@networkcommand.com" <jono@microshaft.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="DKU6Jbt7q3WqK7+M"
Content-Disposition: inline
In-Reply-To: <20010722010846.L27867@wol.dk>; from apjacobsen@dk.tiscali.com on Sun, Jul 22, 2001 at 01:08:46AM +0200
Errors-To: owner-nanog-outgoing@merit.edu




On 22-Jul-2001, Andreas Plesner Jacobsen - Tiscali wrote:
> On Sat, Jul 21, 2001 at 03:43:48PM -0700, Jon O . wrote:
>
> > > A couple of days ago I mentioned here that I have nullrouted the IP which
> > > whitehouse.gov resolves to. After that I received some mail in private
> > > mentioning not only the fact that I filtered the wrong IP (that's fixed
> > > now) but also the dangers of posting about such a thing here. "Hey, he
> > > nullroutes them, let's do it too!".
> > >
> > I understand your need to do something like this, but you are
> > essentially causing the worm to fulfill its goal and
> > censoring your customers. I worried that many people would do this.
>
> No, since it is known that the provider hosting www1 and
> www2.whitehouse.gov has already blackholed www1, and www.whitehouse.gov
> only resolves to www2 now.
> And then there's the big difference between operational stability and
> political stability, of which operational is the primary concern to me at
> least.

Yes, because your fix is for this worm and luckily it only attacks www1.
The next one might not be so benign and blackholing routes is not the
answer. Also, it makes it harder to ID infected hosts so you can fix them.





