Re: Botnets, IRC servers and firewalls?

["Marcus J. Ranum" <mjr () ranum com>]

Patrick M. Hausen wrote:
> Which still leaves us with the main question: why?
> What are their real objectives?

I don't *KNOW*!!!! I wish I did - anyone on the list care to
comment?

If I had to guess, I'd guess that it's simply a reflexive
effort to remove hassles. We can safely assume that
adding filtering will cause political hassles, technical
hassles, and will increase the chance of the 3:00am
emergency ops pager going off. After all, if you don't
have filtering in place, you'll never have problems
with your filters. :) And, if a worm screws your
company, it's the platform guys who get whacked,
not the network guys - after all, the network keeps
working, right? So I suspect that ingress and egress
filtering are really something that networkers try to
immediately deflect with an SEP field (Someone
Else's Problem)

> I mean, I'm running an ISP here, so I don't read the log
> entries for every blocked packet, but we _do_ monitor
> all customer's lines with MRTG and _of_course_ all the
> routers are configured to do unicast reverse path verification.
> Hasn't brought the backbone to a crawl yet ;-)

Whoah - a Networking Guy who Gets It! Hey, cool!

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards