[39750] in North American Network Operators' Group
RE: filtering whitehouse.gov?
daemon@ATHENA.MIT.EDU (Matt Levine)
Sun Jul 22 00:25:06 2001
From: "Matt Levine" <matt@deliver3.com>
To: "'John Starta'" <john@starta.org>,
"'jono@networkcommand.com'" <jono@microshaft.org>
Cc: "'Andreas Plesner Jacobsen - Tiscali'" <apjacobsen@dk.tiscali.com>,
<nanog@nanog.org>
Date: Sun, 22 Jul 2001 00:23:53 -0400
Message-ID: <000001c11266$1e627e20$6401a8c0@m00se>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <5.1.0.14.2.20010721185942.036f5ec0@popcorn>
Errors-To: owner-nanog-outgoing@merit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Moreover, bbn (whitehouse.gov's upstream) is blackholing it
themselves, why would you NOT blackhole it and waste your bw when
it's gonna get blackholed along the way anyway?
Matt
- --
Matt Levine
@Home: matt@deliver3.com
@Work: matt@eldosales.com
ICQ : 17080004
PGP : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF
- -----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf
Of John Starta
Sent: Saturday, July 21, 2001 10:10 PM
To: jono@networkcommand.com
Cc: Andreas Plesner Jacobsen - Tiscali; nanog@nanog.org
Subject: Re: filtering whitehouse.gov?
At 04:29 PM 7/21/01 -0700, Jon O . wrote:
>On 22-Jul-2001, Andreas Plesner Jacobsen - Tiscali wrote:
>
> > No, since it is known that the provider hosting www1 and
> > www2.whitehouse.gov has already blackholed www1, and
> > www.whitehouse.gov only resolves to www2 now. And then there's
> > the big difference between operational stability and poltical
> > stability, of which operational is the primary concern to me at
> > least.
>
>Yes, because your fix is for this worm and luckily it only attacks
>www1. The next one might not be so benign and blackholing routes is
>not the answer. Also, it makes it harder to ID infected hosts so
>you can fix them.
Blackholing routes doesn't prevent you from identifying possibility
infected hosts. It simply means that you're not going to participate
in the
abuse of anothers network and/or host. You can still log the traffic
destine for the target.
jas
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBO1pVWcp0j1NsDQTPEQKQoACgzipHzlRlxWBkI+hbTcwaNbLeyUAAoNd0
UWLxY5wLzirdYfYQqzBj+Jzj
=KEGb
-----END PGP SIGNATURE-----
