[47843] in North American Network Operators' Group
Re: Arbor Networks DoS defense product
daemon@ATHENA.MIT.EDU (Scott Francis)
Thu May 16 12:29:38 2002
Date: Thu, 16 May 2002 09:26:06 -0700
From: Scott Francis <darkuncle@darkuncle.net>
To: PJ <briareos@otherlands.net>,
"Johannes B. Ullrich" <jullrich@sans.org>,
Dan Hollis <goemon@anime.net>, nanog@merit.edu
Message-ID: <20020516162606.GH50984@darkuncle.net>
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
PJ <briareos@otherlands.net>,
"Johannes B. Ullrich" <jullrich@sans.org>,
Dan Hollis <goemon@anime.net>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-ripemd160;
protocol="application/pgp-signature"; boundary="/Gk0KcsbyUMelFU1"
Content-Disposition: inline
In-Reply-To: <20020516011900.GD2239@elvander.otherlands.net>
Errors-To: owner-nanog-outgoing@merit.edu
--/Gk0KcsbyUMelFU1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, May 15, 2002 at 06:19:00PM -0700, briareos@otherlands.net said:
[snip]
> On Wed, 15 May 2002, Johannes B. Ullrich wrote:
[briareos@otherlands.net]
> > > > Even more, I would hate to see the advocation of a hostile reaction=
to=20
> > > > what, so far, is not considered a crime.
> >=20
> > I agree. Scanning is no crime. But blocking isn't a crime either.
>=20
> Agreed. But this blocking still will do no good. My previous
> questions still stand. What about timing? What about breaking up
> segements of the network to be scanned by different hosts? How many
> hits on the linemines constitute blocking? Are you blocking hosts or
> networks? Either way, what about dynamic ips? What about scans done
> from different networks other than that which the supposed attacker is
> originating from. Universitys, unsecured wireless lans, etc.
So because we can't implement a perfect solution, let's do nothing at all
about the problem?
> PJ
--=20
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
--/Gk0KcsbyUMelFU1
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQIXAwUBPOPdnYgCD7rLM8ynFAOLxgf/REde578wZJRPyn59SLCGwqTiam40WeUI
tyAZh5IoNhW4uZR1jp6pXi/zOQHXv20plZ/9yZI5dx56hBqke2A1BBAhCm17nWxV
L+JBN2T7db2yj8VAVZm3O4z6dquhspzabe7ba/lSWVS4sprewIuGBpN8tCCjejAn
2pdm0V3GMEcuEzqVusDLW4XqZqq51QhpbuvM4j3O36rs9Ml7hWkXlJjksuKQ83PS
bdW12u7vw1Tr2LyRVad7Wg3nx5/B/Em5k8XrzRy8GwQ/AAX60dE2kMWMN5PZrLev
5AEv7GHJiUL4G13XbvXKQlVHk5EybgPQs4O8DP0sQfXJ/E8jCkj4cQf+IbXjSwTi
I4RGTGsPhcyZP3exMVeHSaHxY6GBVEyLFn/erjCHcGH0WNIvSo49zgx1MSS1xh9A
WTt3A6aZWx5RHidE1p/djDxi1l1fbKHmAg5Vt7N5PNUjhhQGPWLfQXqqQiL8kW8O
JdckmNaKMXErvs/lIjDoiI2CLlR7lTRjx4cCTiPMyfrJJTwuVZyh7m9FCkf2Al33
4NfhbOtrmQzeaHdw5FcjcV9m2lrJ5TdMk0ILRgttw6H1wUNr3fLRtVAM3hI36vC1
bq5G6wO7FUwaJ5+31nsrpVtMF36yDajEEijmKAsEEIRamqwYeMWTg10Hz3LY2u17
EiaXKaXlXm87Vg==
=oWC0
-----END PGP SIGNATURE-----
--/Gk0KcsbyUMelFU1--
