Security Incidents mailing list archives

Re: IP Black list?


From: EPerrin () METROLAND COM (Elliot Perrin)
Date: Wed, 17 May 2000 11:10:11 -0400


Has anyone thought about the legal ramifications of such a list?
I am sure there are a great many companies who would be rather upset
if their e-commerce came to a grinding halt because of a spoof.

Who bears the legal responsibility in such a scenario?
I mean, think of the DoS done to CNN, Yahoo, etc., etc. Wouldn't you be
able to cause a sort of DoS-type attack, albeit limited to specific
networks, by spoofing an address within such a company's block,
effectively costing them millions if they were added to such a list?

This would assume that if you block these networks from coming into your
network, you are blacklisting the address(es) for the users of your
network to get out to it.

If this list is set up so that you can only refuse inbound access from a
specified network, but allow outbound access to the same network, then it
might fly. But even ISPs' blocks can be spoofed. Imagine sitting on, say, a
PSI NET or an @home connection, and being refused the ability to do
research, shopping, surfing. And would there be a liability on the part of
the list if ISPs were to lose a portion of their client base because of
such a situation?

I think this list is far different than mail or relay blacklisting; there
you are only refusing connections of a specific protocol. This scenario
means you are going to tell a bunch of networks or hosts to just piss off
no matter what it is they are trying to do.

Then again I may be out to lunch on account of the fact that I only
slept 2 hours last night.

____________________________________________
Elliott Perrin
Metroland Publishing
eperrin () metroland com
tel. 416-798-7623 - ext 317
fax. 905-281-5677

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes..... that's a great idea!

Whenever you would like to bother your neighbor, a company, an ISP or
whoever else, just send spoofed packets with anybody else's IP address to
get them blacklisted.

And even when not using IP spoofing, if you're miscoding such a
system or there's a bug in the design, be sure it will get hacked and
communications will be brought down. It's a possible point for an
attacker to get whole networks down. It would be a single point of
failure (SPOF).

Volker Werth

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>

iQA/AwUBOSDztbdVlYEAznqjEQJfcgCgpohkv6vitES5kIk+NYT7HA/DRjgAoK0R
yy+0BT5GRirFu/fAI00ZycS+
=jndV
-----END PGP SIGNATURE-----


