[47860] in North American Network Operators' Group
Re: Arbor Networks DoS defense product
daemon@ATHENA.MIT.EDU (Scott Francis)
Fri May 17 10:15:43 2002
Date: Fri, 17 May 2002 07:12:06 -0700
From: Scott Francis <darkuncle@darkuncle.net>
To: Dan Hollis <goemon@anime.net>
Cc: Dragos Ruiu <dr@kyx.net>, "'nanog@merit.edu'" <nanog@merit.edu>
Message-ID: <20020517141206.GC56860@darkuncle.net>
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
Dan Hollis <goemon@anime.net>, Dragos Ruiu <dr@kyx.net>,
"'nanog@merit.edu'" <nanog@merit.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-ripemd160;
protocol="application/pgp-signature"; boundary="c3bfwLpm8qysLVxt"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0205170048560.32145-100000@sasami.anime.net>
Errors-To: owner-nanog-outgoing@merit.edu
--c3bfwLpm8qysLVxt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, May 17, 2002 at 12:50:40AM -0700, goemon@anime.net said:
>=20
> On Thu, 16 May 2002, Dragos Ruiu wrote:
> > But that said. Blackholing as a response for portscanning
> > is stupid.
> > If you are a small communications end-point it's dumb.
> > Just run portsentry for a while with auto-firewall rules
> > if you need convincing.
> > If you are a communications service provider providing
> > packet transit for others (even employees), it's hostile.
So it's stupid. Or hostile. Certainly no more stupid (or hostile) than
sending out millions of spams, or being the source of thousands of
portscans/intrusion attempts, and refusing to take responsibility.
Bottom line: network policy is the responsibility of the network operator. =
If
he/she does something that causes bad repercussions (financially), he/she
will probably be job hunting. Otherwise, if it's not your network, you real=
ly
don't have much of a say about how it's run, do you?
(If it were otherwise, large sections of APNIC would have been cleaned up
long ago by those on the receiving end of portscans and spam.)
--=20
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7 illum oportet crescere me autem minui
--c3bfwLpm8qysLVxt
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQIXAwUBPOUPtYgCD7rLM8ynFANf/wf+NQR/zcXUa7KHI+PJyh1AL3pEvtxND+LW
HCMZey0Ri0Mopy8/u8JftDINyNbX5xLFW1PUhzOyJYkgyNS6etDpbzXCNVNupVsU
gWLH1ASgM8yjfVzXjRb//EksutPrdVXrLT0JI523TZ8bdT9+URK9lpGLRVQKWMFQ
KLbcBvFwp9co9i/ycYlly1V++lOATb+yuuzVqtilTnW1JaPsPdGZw0H6oc0mLZSf
DAedVD3hhRAJDamJUl2sdww1f5ZwwCgWJK5BP6/R5fXrqOqj3IV4C5XxHjIylM76
t68opfdE6790VG2aUk9k1Pb3eYstX6s1/kFfDO5ki5S+17pdSO4UgAf9EduBU2Wb
VRq94nAzqW0dFBwdYH/ULCKrLv0EJPX6SJz6A2Wl81e+U7hSjtBwpQhg94jPqwt4
CV3VWzl1WTrDLbBe4KScBN5qD7OjVZMVMVAAmyL12bJ1AZk4UnR7kvbg8xX+IQE4
0EZ4jcuwhWlIwgytHEO3814oVqcgtphwdHL9XFvbNsqhtDTypT56OZtU1jePvMWA
WgrSzVAQUvuipRikPZo/wfh8coV0glkIGHeILxcACQsx8tTNXlue48xScJsBX3j5
Q6CQ9UqT7BM5MsXv2sF0oKm80eayENKLEQrvHUlSThbIw8duKchVDFjHWJiZjc6s
8hmHh/b/YnPFdw==
=Kt9J
-----END PGP SIGNATURE-----
--c3bfwLpm8qysLVxt--
