[47851] in North American Network Operators' Group
Re: Arbor Networks DoS defense product
daemon@ATHENA.MIT.EDU (Dan Hollis)
Fri May 17 03:51:18 2002
Date: Fri, 17 May 2002 00:50:40 -0700 (PDT)
From: Dan Hollis <goemon@anime.net>
To: Dragos Ruiu <dr@kyx.net>
Cc: "'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <200205162318.11885.dr@kyx.net>
Message-ID: <Pine.LNX.4.44.0205170048560.32145-100000@sasami.anime.net>
On Thu, 16 May 2002, Dragos Ruiu wrote:
> But that said. Blackholing as a response for portscanning
> is stupid.
> If you are a small communications end-point it's dumb.
> Just run portsentry for a while with auto-firewall rules
> if you need convincing.
> If you are a communications service provider providing
> packet transit for others (even employees), it's hostile.
What if you are portscanned repeatedly by a network and that network
refuses to shut down their scanners even after being asked many times
(e.g., rogue Chinese and Korean networks)?
I think that you should leave network policy up to the service provider to
decide.
-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]