Security Incidents mailing list archives
Re: IP Black list?
From: EPerrin () METROLAND COM (Elliot Perrin)
Date: Wed, 17 May 2000 11:10:11 -0400
Has anyone thought about the legal ramifications of such a list? I am sure there are a great many companies who would be rather upset if their e-commerce came to a grinding halt because of a spoof. Who bears the legal responsibility in such a scenario? I mean, think of the DoS done to CNN, Yahoo, etc., etc. Wouldn't you be able to cause a sort of DoS-type attack, albeit limited to specific networks, by spoofing an address within such a company's block, effectively costing them millions if they were added to such a list?

This would assume that if you block these networks from coming into your network, you are blacklisting the address(es) for the users of your network to get out to it. If this list is set up so that you can only refuse inbound access from a specified network, but allow outbound access to the same network, then it might fly. But even ISPs' blocks can be spoofed. Imagine sitting on, say, a PSI NET or an @home connection, and being refused the ability to do research, shopping, surfing. And would there be a liability on the part of the list if ISPs were to lose a portion of their client base because of such a situation?

I think this list is far different than mail or relay blacklisting; there you are only refusing connections of a specific protocol. This scenario means you are going to tell a bunch of networks or hosts to just piss off no matter what it is they are trying to do.

Then again, I may be out to lunch on account of the fact that I only slept 2 hours last night.

____________________________________________
Elliott Perrin
Metroland Publishing
eperrin () metroland com
tel. 416-798-7623 - ext 317
fax. 905-281-5677

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes..... that's a great idea! Whenever you would like to bother your neighbor, a company, an ISP or who else, just send spoofed packets with anybody else's IP address to get them blacklisted.

And even when not using IP spoofing, if you're miscoding such a system or there's a bug in the design, be sure it will get hacked and communications will be brought down. It's a possible point for an attacker to get whole networks down. It would be a single point of failure (SPOF).

Volker Werth

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use <http://www.pgpinternational.com>

iQA/AwUBOSDztbdVlYEAznqjEQJfcgCgpohkv6vitES5kIk+NYT7HA/DRjgAoK0R
yy+0BT5GRirFu/fAI00ZycS+
=jndV
-----END PGP SIGNATURE-----