[47833] in North American Network Operators' Group

Re: Arbor Networks DoS defense product

daemon@ATHENA.MIT.EDU (E.B. Dreger)
Wed May 15 22:31:34 2002

Date: Thu, 16 May 2002 02:30:53 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: Clayton Fiske <clay@bloomcounty.org>
Cc: PJ <briareos@otherlands.net>, nanog@merit.edu
In-Reply-To: <20020515181307.D28685@bloomcounty.org>
Message-ID: <Pine.LNX.4.20.0205160225320.28538-100000@www.everquick.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


CF> Date: Wed, 15 May 2002 18:13:07 -0700
CF> From: Clayton Fiske


CF> There is no preset definition of how it has to work. Perhaps
CF> it can be evolved enough to where it only triggers when an
CF> exploit is attempted, rather than just on a TCP connection.

Sounds sorta like the SMTP *BL debate with a new spin.  Data
exist; how one uses them is a matter of preference.

IMHO, landmines would be a very handy way to get a "big picture"
view.  What threshold triggers what activity is up to the user.

I could quickly write a script to find origin ASN of anyone who
pings <machine x>, find all prefixes with that origin ASN, and
blackhole them.  And it would be a pretty stupid maneuver, so I
hopefully would know better.

I don't see how landmines are any different... one needn't use
the feed in a predetermined manner.  I think there are more than
a few people who can bang out code, or who know those who can,
hanging out on here.


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@brics.com>, or you are likely to
be blocked.
