[47950] in North American Network Operators' Group
Re: "portscans" (was Re: Arbor Networks DoS defense product)
daemon@ATHENA.MIT.EDU (Dan Hollis)
Sun May 19 03:12:54 2002
Date: Sun, 19 May 2002 00:12:01 -0700 (PDT)
From: Dan Hollis <goemon@anime.net>
To: Scott Francis <darkuncle@darkuncle.net>
Cc: "Greg A. Woods" <woods@weird.com>, <nanog@merit.edu>
In-Reply-To: <20020519031510.GD69382@darkuncle.net>
Message-ID: <Pine.LNX.4.44.0205190004350.9389-100000@sasami.anime.net>

On Sat, 18 May 2002, Scott Francis wrote:
> On Sat, May 18, 2002 at 11:05:34PM -0400, woods@weird.com said:
> > attacked any host or network that I was not directly responsible for.
> > If you don't want the public portions of your network mapped then you
> > should withdraw them from public view.
>
> Agreed there. Defense is important. It might be good to note that I'm not
> giving a blanket condemnation of all portscans at all times; but as a GENERAL
> RULE, portscans from strangers, especially methodical ones that map out a
> network, are a precursor to some more unsavory activity.

And what the critics keep missing is that it will take several landmine
hits across the internet to invoke a blackhole. Just scanning a few
individual hosts or /24s won't do it.

There are three aims of the landmine project:

1) early warning
2) defensive response
3) deterrence

I realize such a project won't be absolutely, positively perfect in every
aspect, and it won't satisfy 100% of the people 100% of the time. But
that's hardly an excuse to not do it. IMO the positives outweigh the
negatives by far.

-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]
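
Added example, not part of the original message and not the landmine project's own code: a sketch of the threshold rule described above, where a source becomes a blackhole candidate only after hitting landmines in several distinct networks. The tuple format, the /24 grouping, the threshold of 3 networks, the one-hour window and all addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hits (unix_time, source_ip, landmine_ip); documentation and
# benchmark address ranges only, none of these values come from the post.
SAMPLE_HITS = [
    (1000, "192.0.2.10", "198.18.1.5"),    # many hits, but all in one /24
    (1010, "192.0.2.10", "198.18.1.77"),
    (1020, "192.0.2.10", "198.18.1.200"),
    (2000, "192.0.2.99", "198.18.1.9"),    # three different /24s within an hour
    (2300, "192.0.2.99", "198.18.2.40"),
    (2600, "192.0.2.99", "198.18.3.8"),
    (1000, "192.0.2.50", "198.18.1.9"),    # three /24s, but hours apart
    (6000, "192.0.2.50", "198.18.2.40"),
    (12000, "192.0.2.50", "198.18.3.8"),
]

def landmine_net(ip, prefix_len=24):
    """Network containing a landmine address (hypothetical grouping unit)."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)

def blackhole_candidates(hits, min_networks=3, window=3600, prefix_len=24):
    """Sources that hit landmines in >= min_networks distinct networks
    within any `window` seconds. Repeated hits inside one network count once."""
    by_source = defaultdict(list)
    for ts, src, mine in hits:
        by_source[src].append((ts, landmine_net(mine, prefix_len)))
    flagged = []
    for src, events in by_source.items():
        events.sort(key=lambda e: e[0])
        counts = defaultdict(int)   # network -> hits currently inside the window
        start = 0
        for ts, net in events:
            counts[net] += 1
            while events[start][0] < ts - window:   # expire hits older than window
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_networks:
                flagged.append(src)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(blackhole_candidates(SAMPLE_HITS))
```
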