[47859] in North American Network Operators' Group
Re: Arbor Networks DoS defense product
daemon@ATHENA.MIT.EDU (Scott Francis)
Fri May 17 10:12:37 2002
Date: Fri, 17 May 2002 07:08:47 -0700
From: Scott Francis <darkuncle@darkuncle.net>
To: Dan Hollis <goemon@anime.net>
Cc: Dragos Ruiu <dr@kyx.net>, "'nanog@merit.edu'" <nanog@merit.edu>
Message-ID: <20020517140847.GB56860@darkuncle.net>
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
Dan Hollis <goemon@anime.net>, Dragos Ruiu <dr@kyx.net>,
"'nanog@merit.edu'" <nanog@merit.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-ripemd160;
protocol="application/pgp-signature"; boundary="E39vaYmALEf/7YXx"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0205161441570.27063-100000@sasami.anime.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, May 16, 2002 at 02:44:58PM -0700, Dan Hollis <DH> said, in response
to a message on Thu, 16 May 2002 by Dragos Ruiu <DR>:
<DR> Some people get all hyper and complain. Which is silly imho.
<DR> If you don't like it, stop your network from responding to it.
<DH> That's exactly what we plan to do with BGP blackholes and landmines.
<DR> Don't bitch and whine if your equipment is silly and leaks info. It's
<DR> not the world's problem to compensate for _your_ inferior network
<DR> architecture or shoddily designed network hardware.
<DH> Then you shouldn't be whining about a BGP blackhole system.
<DR> Portscanning by no means proves "intent". Or should provoke hostile
<DR> reaction.
WRONG. Time to retake Logic 101 and Ethics 101. What other intent than malice
(or, at best, "unhealthy interest in somebody else's network") could
portscanning someone else's network show? If you don't own it, and aren't
involved in an official capacity, chances are high that you should Just Stay
Off. This includes portscans. To do otherwise shows you are probing for
points of attack/entry - I don't see how you can argue otherwise. If I am
missing the obvious altruistic motive for portscanning, please enlighten me.
A portscan is a sign that somebody is probing your defenses, trying to find
out where they might get in. Why should this NOT get a hostile (or at least
defensive) reaction? Looking for any legitimate reason here.
<DH> Blackholing isn't hostile, it's defensive.
<DR> But then again I'm of the radical opinion that if your host is compromised
<DR> it is your fault for not taking appropriate precautions on inbound
<DR> filters or gateways.
Obviously, the person that actually did the typing to crack a machine is not
responsible for his/her keystrokes. The person that scanned the network to
find weaknesses is surely not culpable for gathering and using such
information. Just like if a bank has 100-year-old security and leaves the
vault door open, the person that walks in and picks up a bag of money is not
responsible for stealing - it's the bank's fault for not providing adequate
security.
Yes, network operators have a responsibility to their shareholders, if nobody
else, to secure their networks. But that IN NO WAY takes the responsibility
for illegal action off the shoulders of the person that committed it.
<DH> The blackholing is the response to networks which can't be bothered to
<DH> clean up their compromised hosts. You're ranting against the wrong target
<DH> I'm afraid. Please go back and read the thread from the beginning.
<DR> I can't help it if your host does funny things when I send them funny
<DR> packets.... :-)
<DH> Why are you sending funny packets?
Exactly. If you want to send funny packets, send them to your OWN network, or
get a job as a security consultant and do this kind of thing for money. Don't
try to rationalize illegal behaviour by shifting blame to somebody else.
(Note: again, not saying portscanning is illegal. Other activity (break-ins,
etc.) has been discussed in this message.)
--
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7 illum oportet crescere me autem minui